hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Duo Zhang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-19634) Add permission check for executeProcedures in AccessController
Date Wed, 03 Jan 2018 02:40:00 GMT

    [ https://issues.apache.org/jira/browse/HBASE-19634?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16309056#comment-16309056
] 

Duo Zhang commented on HBASE-19634:
-----------------------------------

[~stack] Our current permission check on open/close region is dummy...

We require superuser(for system table) or global Admin permission(for other table), but the
preOpen/preClose is called in OpenRegionHandler/CloseRegionHandler, which is executed in a
thread pool at RS side, so it will always be the system user...

Maybe we should pass the rpc user to the OpenRegionHandler/CloseRegionHandler, and use doAs
when doing the actual processing?

Thanks.

> Add permission check for executeProcedures in AccessController
> --------------------------------------------------------------
>
>                 Key: HBASE-19634
>                 URL: https://issues.apache.org/jira/browse/HBASE-19634
>             Project: HBase
>          Issue Type: Sub-task
>          Components: proc-v2, Replication
>            Reporter: Duo Zhang
>            Assignee: Duo Zhang
>         Attachments: HBASE-19634-HBASE-19397-v1.patch, HBASE-19634-HBASE-19397.patch
>
>
> This is important, the actual refresh on RS is trigger by the executeProcedure call and
it will pass some information. These information should not be fully trusted since anyone
can all this method. We need to make sure that the actual data/state for a replication peer
is always loaded from the replication storage, not from the parameter of the executeProcedure
call.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message