[HDFS-10276] HDFS should not expose path info that user has no permission to see. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.8.0, 2.7.4, 3.0.0-alpha1
Component/s: fs, security
Labels:
- security

Hadoop Flags:

Reviewed

Description

This following issue is remedied by ~~HDFS-5802~~.

Given you have a file /file an existence check for the path /file/whatever will give different responses for different implementations of FileSystem.

LocalFileSystem will return false while DistributedFileSystem will throw org.apache.hadoop.security.AccessControlException: Permission denied: ..., access=EXECUTE, ...

However, ~~HDFS-5802~~ may expose information about a path that user doesn't have permission to see.

For example, if the user asks for /a/b/c, but does not have permission to list /a, we should not complain about /a/b

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HDFS-10276.001.patch
21/Apr/16 09:28
2 kB
Yuanbo Liu
HDFS-10276.002.patch
25/Apr/16 06:55
3 kB
Yuanbo Liu
HDFS-10276.003.patch
28/Apr/16 09:16
12 kB
Yuanbo Liu
HDFS-10276.004.patch
01/May/16 03:06
11 kB
Yuanbo Liu
HDFS-10276.005.patch
16/May/16 10:30
3 kB
Yuanbo Liu
HDFS-10276.006.patch
18/May/16 03:03
4 kB
Yuanbo Liu

Issue Links

relates to

HDFS-5802 NameNode does not check for inode type before traversing down a path

Resolved

Activity

People

Assignee:: Yuanbo Liu

Reporter:: Kevin Cox

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 11/Apr/16 16:22

Updated:: 06/Mar/18 21:23

Resolved:: 27/May/16 17:26