Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 9F50E160C26 for ; Wed, 3 Jan 2018 03:40:04 +0100 (CET) Received: (qmail 32376 invoked by uid 500); 3 Jan 2018 02:40:03 -0000 Mailing-List: contact issues-help@hbase.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list issues@hbase.apache.org Received: (qmail 32362 invoked by uid 99); 3 Jan 2018 02:40:03 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 03 Jan 2018 02:40:03 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id CC6E21A07C3 for ; Wed, 3 Jan 2018 02:40:02 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -99.211 X-Spam-Level: X-Spam-Status: No, score=-99.211 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id kxRO0T_j8i6R for ; Wed, 3 Jan 2018 02:40:01 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 43B085F666 for ; Wed, 3 Jan 2018 02:40:01 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 5465BE002F for ; Wed, 3 Jan 2018 02:40:00 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 0B285240DA for ; Wed, 3 Jan 2018 02:40:00 +0000 (UTC) Date: Wed, 3 Jan 2018 02:40:00 +0000 (UTC) From: "Duo Zhang (JIRA)" To: issues@hbase.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HBASE-19634) Add permission check for executeProcedures in AccessController MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Wed, 03 Jan 2018 02:40:05 -0000 [ https://issues.apache.org/jira/browse/HBASE-19634?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16309056#comment-16309056 ] Duo Zhang commented on HBASE-19634: ----------------------------------- [~stack] Our current permission check on open/close region is dummy... We require superuser(for system table) or global Admin permission(for other table), but the preOpen/preClose is called in OpenRegionHandler/CloseRegionHandler, which is executed in a thread pool at RS side, so it will always be the system user... Maybe we should pass the rpc user to the OpenRegionHandler/CloseRegionHandler, and use doAs when doing the actual processing? Thanks. > Add permission check for executeProcedures in AccessController > -------------------------------------------------------------- > > Key: HBASE-19634 > URL: https://issues.apache.org/jira/browse/HBASE-19634 > Project: HBase > Issue Type: Sub-task > Components: proc-v2, Replication > Reporter: Duo Zhang > Assignee: Duo Zhang > Attachments: HBASE-19634-HBASE-19397-v1.patch, HBASE-19634-HBASE-19397.patch > > > This is important, the actual refresh on RS is trigger by the executeProcedure call and it will pass some information. These information should not be fully trusted since anyone can all this method. We need to make sure that the actual data/state for a replication peer is always loaded from the replication storage, not from the parameter of the executeProcedure call. -- This message was sent by Atlassian JIRA (v6.4.14#64029)