[IMPALA-7217] UPDATE/DELETE statement with SELECT privilege can reveal the existence of a table - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: Impala 3.0, Impala 2.12.0
Fix Version/s: None
Component/s: Frontend
Labels:
- security

Epic Color:
ghx-label-3

Description

For UPDATE/DELETE statement, ALL privilege on SERVER is required. However, having a SELECT privilege when executing UPDATE can reveal the existence of a table, i.e. an AnalysisException is thrown instead of AuthorizationException.

[localhost:21000] default> grant select on server to role foo_role;
+---------------------------------+
| summary                         |
+---------------------------------+
| Privilege(s) have been granted. |
+---------------------------------+
Fetched 1 row(s) in 0.02s
[localhost:21000] default> update doesntexist set a = 1;
ERROR: AnalysisException: Could not resolve table reference: 'doesntexist'

[localhost:21000] default> delete from doesntexist;
ERROR: AnalysisException: Could not resolve table reference: 'doesntexist'

Let's contrast this with UPSERT.

[localhost:21000] default> upsert into table doesntexist(id, name) values(1, 'a');
ERROR: AuthorizationException: User 'impdev' does not have privileges to access: default.doesntexist

Attachments

Activity

People

Assignee:: Fredy Wijaya

Reporter:: Fredy Wijaya

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 27/Jun/18 19:30

Updated:: 22/Aug/18 16:26