Details

      Description

      The current implementation persists and ACL bit in FSImage and editlogs. Moreover, the security decisions also depend on whether the bit is set.

      The problem here is that we have to maintain the implicit invariant, which is the ACL bit is set if and only if the the inode has AclFeature. The invariant has to be maintained everywhere otherwise it can lead to a security vulnerability. In the worst case, an attacker can toggle the bit and bypass the ACL checks.

      The jira proposes to treat the ACL bit as a transient bit. The bit should not be persisted onto the disk, neither it should affect any security decisions.

        Attachments

        1. HDFS-5923.000.patch
          29 kB
          Haohui Mai
        2. HDFS-5923.001.patch
          30 kB
          Haohui Mai
        3. HDFS-5923.002.patch
          58 kB
          Chris Nauroth
        4. HDFS-5923.003.patch
          33 kB
          Haohui Mai
        5. HDFS-5923.004.patch
          61 kB
          Chris Nauroth

          Issue Links

            Activity

              People

              • Assignee:
                wheat9 Haohui Mai
                Reporter:
                wheat9 Haohui Mai
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: