Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-10860

Insufficient AccessController covering permission check

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.98.0
    • Fix Version/s: 0.99.0, 0.98.2
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

        List<Cell> list = (List<Cell>)entry.getValue();
        if (list == null || list.isEmpty()) {
      	get.addFamily(col);
        } else {
      	for (Cell cell : list) {
      	  get.addColumn(col, CellUtil.cloneQualifier(cell));
      	}
        }
      

      When a delete family Mutation comes, a Cell will be added into the list with Qualifier as null. (See Delete#deleteFamily(byte[])). So it will miss getting added against the check list == null || list.isEmpty(). We will fail getting the cells under this cf for covering permission check.

        Attachments

          Activity

            People

            • Assignee:
              anoop.hbase Anoop Sam John
              Reporter:
              anoop.hbase Anoop Sam John
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: