spark-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mihaly Toth (Jira)" <j...@apache.org>
Subject [jira] [Commented] (SPARK-29078) Spark shell fails if read permission is not granted to hive warehouse directory
Date Wed, 02 Oct 2019 19:58:00 GMT

    [ https://issues.apache.org/jira/browse/SPARK-29078?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16943118#comment-16943118
] 

Mihaly Toth commented on SPARK-29078:
-------------------------------------

But if the user has access to that directory (which is the hive warehouse directory), it can
see what databases are there regardless of having access to those databases or not. This is
not the worst security gap, so if we believe this is acceptable I dont mind closing this jira.

> Spark shell fails if read permission is not granted to hive warehouse directory
> -------------------------------------------------------------------------------
>
>                 Key: SPARK-29078
>                 URL: https://issues.apache.org/jira/browse/SPARK-29078
>             Project: Spark
>          Issue Type: Bug
>          Components: SQL
>    Affects Versions: 3.0.0
>            Reporter: Mihaly Toth
>            Priority: Major
>
> Similarly to SPARK-20256, in {{SharedSessionState}} when {{GlobalTempViewManager}} is
created, it is checked that there is no database exists that has the same name as of the global
temp database (name is configurable with {{spark.sql.globalTempDatabase}}) , because that
is a special database, which should not exist in the metastore. For this, a read permission
is required on the warehouse directory at the moment, which on the other hand would allow
listing all the databases of all users.
> When such a read access is not granted for security reasons, an access violation exception
should be ignored upon such initial validation.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org


Mime
View raw message