Description
The current permission checker of #MountTableStoreImpl is not very strict. In some cases, any user could add/update/remove a MountTableEntry without the expected permission checking.
The following code segment tries to check permission when operating on a MountTableEntry. However, the mountTable object comes from the Client/RouterAdmin (MountTable mountTable = request.getEntry();), so a user could pass any mode and thereby bypass the permission checker.
public void checkPermission(MountTable mountTable, FsAction access)
    throws AccessControlException {
  if (isSuperUser()) {
    return;
  }

  // mountTable is the entry taken from the request, so its mode is caller-supplied.
  FsPermission mode = mountTable.getMode();
  if (getUser().equals(mountTable.getOwnerName())
      && mode.getUserAction().implies(access)) {
    return;
  }

  if (isMemberOfGroup(mountTable.getGroupName())
      && mode.getGroupAction().implies(access)) {
    return;
  }

  if (!getUser().equals(mountTable.getOwnerName())
      && !isMemberOfGroup(mountTable.getGroupName())
      && mode.getOtherAction().implies(access)) {
    return;
  }

  throw new AccessControlException(
      "Permission denied while accessing mount table "
          + mountTable.getSourcePath()
          + ": user " + getUser() + " does not have " + access.toString()
          + " permissions.");
}
I just propose restricting the WRITE privilege on MountTableEntry to the super user only.
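The difference between authorizing against the request's entry and authorizing against trusted state, as an added example that is not Hadoop code or the project's patch. The Entry record, STORE map, method names and sample values are all hypothetical and constructed, the check is reduced to owner/other bits, and evaluating the stored entry for existing paths is this example's assumption (for paths with no stored entry it falls back to super-user-only, as proposed above).

```java
import java.util.HashMap;
import java.util.Map;

public class MountPermissionDemo {
    // Simplified stand-in for a mount table entry (hypothetical, not Hadoop's MountTable).
    record Entry(String path, String owner, String group, int mode) {}

    // Trusted state held by the router's store (constructed sample data).
    static final Map<String, Entry> STORE = new HashMap<>();
    static final int WRITE = 2;

    // Owner bits apply to the owner, "other" bits to everyone else (group omitted).
    static boolean allowed(Entry e, String user, int access) {
        int bits = user.equals(e.owner()) ? (e.mode() >> 6) & 7 : e.mode() & 7;
        return (bits & access) == access;
    }

    // Pattern described above: the decision is driven by fields of the request's entry.
    static boolean checkFromRequest(Entry requested, String user) {
        return allowed(requested, user, WRITE);
    }

    // Hardened form: only the path is taken from the request; owner and mode
    // come from the stored entry. With no stored entry, only the super user may write.
    static boolean checkFromStore(Entry requested, String user, boolean superUser) {
        if (superUser) {
            return true;
        }
        Entry stored = STORE.get(requested.path());
        return stored != null && allowed(stored, user, WRITE);
    }

    public static void main(String[] args) {
        STORE.put("/data", new Entry("/data", "admin", "hadoop", 0755));
        // Constructed request: same path, but the caller states its own mode.
        Entry req = new Entry("/data", "admin", "hadoop", 0777);
        System.out.println("request-based check: " + checkFromRequest(req, "alice"));
        System.out.println("store-based check:   " + checkFromStore(req, "alice", false));
    }
}
```

The two checks disagree on the same request because only the first one reads the mode the caller sent.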