[HBASE-15132] Master region merge RPC should authorize user request - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.3.0, 2.0.0
Component/s: None
Labels:
None

Hadoop Flags:

Reviewed

Description

The normal flow for region merge is:
1. client sends a master RPC for dispatch merge regions
2. master moves the regions to the same regionserver
3. master calls mergeRegions RPC on the regionserver.

For user initiated region merge, MasterRpcServices#dispatchMergingRegions() is called by HBaseAdmin.

There is no coprocessor invocation in step 1.
Step 3 is carried out in the "hbase" user context.

This leaves potential security hole - any user without proper authorization can merge regions of any table.

Thanks to Enis who spotted this flaw first.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HBASE-15132-branch-1.v6.patch
22/Jan/16 15:36
24 kB
Ted Yu
HBASE-15132.v8.patch
23/Jan/16 02:22
23 kB
Ted Yu
HBASE-15132.v7.patch
22/Jan/16 21:15
24 kB
Ted Yu
HBASE-15132.v6.patch
22/Jan/16 04:03
24 kB
Ted Yu
HBASE-15132.v5.patch
21/Jan/16 21:44
24 kB
Ted Yu
HBASE-15132.v4.patch
21/Jan/16 20:36
24 kB
Ted Yu
HBASE-15132.v2.patch
21/Jan/16 17:18
8 kB
Ted Yu
HBASE-15132.v1.patch
20/Jan/16 17:10
9 kB
Ted Yu

Issue Links

is related to

HBASE-15173 Execute mergeRegions RPC call as the request user

Resolved

Activity

People

Assignee:: Ted Yu

Reporter:: Ted Yu

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 20/Jan/16 02:48

Updated:: 26/Jan/16 19:04

Resolved:: 24/Jan/16 15:53