hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "shanyu zhao (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-5635) WebHCatJTShim23 ignores security/user context
Date Fri, 17 Jan 2014 06:34:21 GMT

    [ https://issues.apache.org/jira/browse/HIVE-5635?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13874499#comment-13874499
] 

shanyu zhao commented on HIVE-5635:
-----------------------------------

Hi [~ekoifman], any reason you used 2 nested ugi.doAs()? Isn't 1 doAs() enough?

> WebHCatJTShim23 ignores security/user context
> ---------------------------------------------
>
>                 Key: HIVE-5635
>                 URL: https://issues.apache.org/jira/browse/HIVE-5635
>             Project: Hive
>          Issue Type: Bug
>          Components: WebHCat
>    Affects Versions: 0.12.0
>            Reporter: Eugene Koifman
>            Assignee: Eugene Koifman
>             Fix For: 0.13.0
>
>         Attachments: HIVE-5635.2.patch, HIVE-5635.3.patch, HIVE-5635.patch
>
>
> WebHCatJTShim23 takes UserGroupInformation object as argument (which represents the user
make the call to WebHCat or doAs user) but ignores.
> WebHCatJTShim20S uses the UserGroupInformation
> This is inconsistent and may be a security hole because in with Hadoop 2 the  methods
on WebHCatJTShim are likely running with 'hcat' as the user context.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message