ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zsombor Gegesy (JIRA)" <j...@apache.org>
Subject [jira] [Created] (RANGER-1707) Traverse check in RangerHdfsAuthorizer works incorrectly
Date Sat, 22 Jul 2017 09:49:00 GMT
Zsombor Gegesy created RANGER-1707:
--------------------------------------

             Summary: Traverse check in RangerHdfsAuthorizer works incorrectly
                 Key: RANGER-1707
                 URL: https://issues.apache.org/jira/browse/RANGER-1707
             Project: Ranger
          Issue Type: Bug
          Components: plugins
    Affects Versions: 1.0.0
            Reporter: Zsombor Gegesy
            Assignee: Zsombor Gegesy
             Fix For: 1.0.0


Traversal check in RangerHdfsAuthorizer works incorrectly, when it is asked for access to
/a/b/c.txt, it only checks that if there are a policy which grants EXEC to /a/b, but if it
there aren't any, then it doesn't check, if there is a policy which grants READ, WRITE or
EXEC to /a/b/c.txt explicitly, which would mean, that the path is accessible to the user.
 This hasn't noticed by the current unit tests, because HDFS before 2.8.0 doesn't called the
traversal check before reading or writing a file, however it will cause problem with 2.8.0,
where FSDirectory.resolvePath will perform a mandatory traversal check.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message