zookeeper-dev mailing list archives

From "Bhupendra Kumar Jain (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (ZOOKEEPER-2591) The deletion of Container znode doesn't check ACL delete permission
Date Sat, 08 Jul 2017 18:14:00 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-2591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16079260#comment-16079260
] 

Bhupendra Kumar Jain edited comment on ZOOKEEPER-2591 at 7/8/17 6:13 PM:
-------------------------------------------------------------------------

As I understand it, the Request object (org.apache.zookeeper.server.Request) is created on the server
side only. The idea was to have a boolean to indicate the type of request, such as a system-internal
request or a client request. Since this boolean will be set only by the server, the client cannot
control it. We can also do this some other way, such as extending Request to create DeleteContainerRequest
and checking the request object's instance type in prepRequestProcessor, and then skipping the ACL for
system-generated requests.

{quote}
Another possibility is to somehow disallow OpCode.deleteContainer coming from a connected
client.
{quote}

I agree with your idea to disallow deleteContainer requests from the client completely. That way there
is no need to add an ACL check. I think we can check this in the processPacket() method before submitting
the request to the request processor.


was (Author: bhupendra):

As I understand it, the Request object (org.apache.zookeeper.server.Request) is created on the server
side only. The idea was to have a boolean to indicate the type of request, such as a system-internal
request or a client request. Since this boolean will be set only by the server, the client cannot
control it. We can also do this some other way, such as extending Request to create DeleteContainerRequest
and checking the request object's instance type in prepRequestProcessor.

{quote}
Another possibility is to somehow disallow OpCode.deleteContainer coming from a connected
client.
{quote}

I agree with your idea to disallow deleteContainer requests from the client completely. That way there
is no need to add an ACL check. I think we can check this in the processPacket() method before submitting
the request to the request processor.

> The deletion of Container znode doesn't check ACL delete permission
> -------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2591
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2591
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: security, server
>            Reporter: Edward Ribeiro
>            Assignee: Edward Ribeiro
>
> Container nodes check the ACL before creation, but the deletion doesn't check the ACL
> rights. The code below succeeds even though we removed ACL access permissions for "/a".
> {code}
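>         // Create a container znode under "/" with an open ACL.
>         zk.create("/a", null, Ids.OPEN_ACL_UNSAFE, CreateMode.CONTAINER);
>         // Build an ACL that grants no permissions (perms = 0) to anyone.
>         ArrayList<ACL> list = new ArrayList<>();
>         list.add(new ACL(0, Ids.ANYONE_ID_UNSAFE));
>         // Apply it to "/" (version -1 matches any version), then delete "/a".
>         zk.setACL("/", list, -1);
>         zk.delete("/a", -1);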
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
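
The two options discussed in the comment above, combined in one stand-alone Java model. This is an added example, not ZooKeeper source and not part of the original message. `InternalOpGate`, `Origin`, `Request` and the method names are hypothetical; only the opcode numbers are taken from `ZooDefs.OpCode`.

```java
import java.util.Set;
// Added illustration: a stand-alone model, not ZooKeeper source code.
public class InternalOpGate {
    // Opcode numbers as defined in ZooDefs.OpCode.
    static final int DELETE = 2;
    static final int DELETE_CONTAINER = 20;

    // Opcodes that only the server itself may originate.
    static final Set<Integer> SERVER_ONLY = Set.of(DELETE_CONTAINER);
    enum Origin { CLIENT, SYSTEM }

    // Hypothetical request type: origin is final and assigned by server code only.
    static final class Request {
        final int opCode;
        final String path;
        final Origin origin;
        private Request(int opCode, String path, Origin origin) {
            this.opCode = opCode;
            this.path = path;
            this.origin = origin;
        }
    }

    // Network boundary (the role processPacket() has in the comment): the opcode
    // comes off the wire, the origin does not. Server-only opcodes are refused.
    static Request fromClientPacket(int opCode, String path) {
        if (SERVER_ONLY.contains(opCode)) {
            throw new SecurityException("opcode " + opCode + " not accepted from clients");
        }
        return new Request(opCode, path, Origin.CLIENT);
    }

    // Server-internal path, such as the server's own container cleanup.
    static Request systemDeleteContainer(String path) {
        return new Request(DELETE_CONTAINER, path, Origin.SYSTEM);
    }

    // Prep stage: only requests the server created for itself skip the ACL check.
    static boolean needsAclCheck(Request r) {
        return r.origin != Origin.SYSTEM;
    }

    public static void main(String[] args) {
        System.out.println("client delete needs ACL check: " + needsAclCheck(fromClientPacket(DELETE, "/a")));
        System.out.println("system deleteContainer needs ACL check: " + needsAclCheck(systemDeleteContainer("/a")));
        try { fromClientPacket(DELETE_CONTAINER, "/a"); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Because the origin is fixed at construction and never parsed from the packet, a client can influence the opcode but not whether the ACL check is skipped.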
