Description
The normal flow for region merge is:
1. client sends a master RPC for dispatch merge regions
2. master moves the regions to the same regionserver
3. master calls mergeRegions RPC on the regionserver.
For user initiated region merge, MasterRpcServices#dispatchMergingRegions() is called by HBaseAdmin.
There is no coprocessor invocation in step 1.
Step 3 is carried out in the "hbase" user context.
This leaves potential security hole - any user without proper authorization can merge regions of any table.
Thanks to Enis who spotted this flaw first.
Attachments
Attachments
Issue Links
- is related to
-
HBASE-15173 Execute mergeRegions RPC call as the request user
- Resolved