Description
Traversal check in RangerHdfsAuthorizer works incorrectly, when it is asked for access to /a/b/c.txt, it only checks that if there are a policy which grants EXEC to /a/b, but if it there aren't any, then it doesn't check, if there is a policy which grants READ, WRITE or EXEC to /a/b/c.txt explicitly, which would mean, that the path is accessible to the user.
This hasn't noticed by the current unit tests, because HDFS before 2.8.0 doesn't called the traversal check before reading or writing a file, however it will cause problem with 2.8.0, where FSDirectory.resolvePath will perform a mandatory traversal check.
Attachments
Attachments
Issue Links
- is duplicated by
-
RANGER-1894 Fix HDFS tests to work with Hadoop 3.0.0
- Resolved