ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zsombor Gegesy (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (RANGER-1707) Traverse check in RangerHdfsAuthorizer works incorrectly
Date Wed, 22 Nov 2017 12:42:00 GMT

     [ https://issues.apache.org/jira/browse/RANGER-1707?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Zsombor Gegesy updated RANGER-1707:
    Attachment: RANGER-1707-3.patch

> Traverse check in RangerHdfsAuthorizer works incorrectly
> --------------------------------------------------------
>                 Key: RANGER-1707
>                 URL: https://issues.apache.org/jira/browse/RANGER-1707
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>    Affects Versions: 1.0.0
>            Reporter: Zsombor Gegesy
>            Assignee: Zsombor Gegesy
>              Labels: hdfs-2.8
>             Fix For: 1.0.0
>         Attachments: 0001-RANGER-1707-Fix-hdfs-traverse-check-which-problem-wa.patch,
RANGER-1707-2.patch, RANGER-1707-3.patch
> Traversal check in RangerHdfsAuthorizer works incorrectly, when it is asked for access
to /a/b/c.txt, it only checks that if there are a policy which grants EXEC to /a/b, but if
it there aren't any, then it doesn't check, if there is a policy which grants READ, WRITE
or EXEC to /a/b/c.txt explicitly, which would mean, that the path is accessible to the user.
>  This hasn't noticed by the current unit tests, because HDFS before 2.8.0 doesn't called
the traversal check before reading or writing a file, however it will cause problem with 2.8.0,
where FSDirectory.resolvePath will perform a mandatory traversal check.

This message was sent by Atlassian JIRA

View raw message