Hive / HIVE-3009

do authorization for all metadata operations

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Authorization, Metastore
    • Labels:
      None

      Description

      Most of the metadata read operations and some write operations are not checking for authorization.
      See org.apache.hadoop.hive.ql.plan.HiveOperation . Operations such as DESCTABLE and DROPDATABASE have null for required privileges.
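
The fail-open pattern the description points at, as an added Java example (not Hive's code and not from the ticket): a constructed miniature operation table in which a null privilege requirement skips the check, next to a fail-closed variant and an audit that lists the unguarded operations. The class, the `Privilege` enum, the `QUERY` entry and all method names are assumptions made for illustration; only the DESCTABLE and DROPDATABASE names come from the ticket.

```java
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;

// Constructed miniature of the pattern in the description; NOT Hive's HiveOperation.
public class NullPrivilegeAudit {
    enum Privilege { SELECT, DROP }

    // A null requirement mirrors the DESCTABLE / DROPDATABASE entries the ticket
    // names; QUERY and its SELECT requirement are assumed here for contrast.
    enum Operation {
        QUERY(EnumSet.of(Privilege.SELECT)),
        DESCTABLE(null),
        DROPDATABASE(null);

        final Set<Privilege> required;
        Operation(Set<Privilege> required) { this.required = required; }
    }

    // Fail-open: a null requirement is read as "nothing to check".
    static boolean authorizeFailOpen(Operation op, Set<Privilege> granted) {
        if (op.required == null) return true;
        return granted.containsAll(op.required);
    }

    // Fail-closed: an operation with no declared requirement is denied.
    static boolean authorizeFailClosed(Operation op, Set<Privilege> granted) {
        if (op.required == null) return false;
        return granted.containsAll(op.required);
    }

    // Audit: list every operation that would bypass the fail-open check.
    static List<Operation> unguarded() {
        List<Operation> out = new ArrayList<>();
        for (Operation op : Operation.values())
            if (op.required == null) out.add(op);
        return out;
    }

    public static void main(String[] args) {
        Set<Privilege> none = EnumSet.noneOf(Privilege.class); // user with no grants
        System.out.println("unguarded: " + unguarded());
        for (Operation op : Operation.values())
            System.out.printf("%s open=%b closed=%b%n", op,
                authorizeFailOpen(op, none), authorizeFailClosed(op, none));
    }
}
```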

        Activity

        Hudson added a comment -

        Integrated in Hive-trunk-h0.21 #1500 (See https://builds.apache.org/job/Hive-trunk-h0.21/1500/)
        HIVE-3009 Memory leak in TUGIContainingTransport (Ashutosh Chauhan via egc) (Revision 1352260)

        Result = FAILURE
        ecapriolo : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1352260
        Files :

        • /hive/trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TUGIContainingTransport.java
        Vandana Ayyalasomayajula added a comment -

        Review Link: https://reviews.facebook.net/D4635

        Carl Steinbach added a comment -

        @Vandana: If this is ready for review please set the status to "Patch Available". Thanks.

        Vandana Ayyalasomayajula added a comment -

        @Carl: I am having problems making the build + tests run using ant. So I am just waiting to get them passed. Once I get that successfully done, I will mark the jira as patch available.

        Ashutosh Chauhan added a comment -

        @Vandana : If you are still working on this, please update the patch and I will take a look.

        Sushanth Sowmyan added a comment -

        I'm +1 on intent/code attached on the review.

        I've still not got all the tests to pass on the current branch, but that might be due to issues on my end. If we get all tests succeeding, this can be patched in.

        Hudson added a comment -

        Integrated in Hive-trunk-hadoop2 #54 (See https://builds.apache.org/job/Hive-trunk-hadoop2/54/)
        HIVE-3009 Memory leak in TUGIContainingTransport (Ashutosh Chauhan via egc) (Revision 1352260)

        Result = ABORTED
        ecapriolo : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1352260
        Files :

        • /hive/trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TUGIContainingTransport.java
        Mikhail Antonov added a comment -

        The bug is marked as "unresolved", so whatever progress has been made, it wasn't integrated in any official release branches?

        Vandana Ayyalasomayajula added a comment -

        Mikhail Antonov-- Yes, you are right. I could not pursue the patch further. If you or someone is interested, they can work on the jira.

        Alex Nastetsky added a comment -

        Hi, are there still plans to fix this ticket? It is creating a security concern in our scenario where we have different databases for each customer but any user can do "show tables" in any database. Thanks.

        Sushanth Sowmyan added a comment -

        Hi,

        This bug's status is now mostly abandoned and should be marked RESOLVED-INVALID. Hive Authorization has been reworked, and is being tracked over at https://issues.apache.org/jira/browse/HIVE-5837 , following a SQL standard authorization mode.

        As part of design, it was decided that metastore-level security for show/describe was difficult to separate from client-side security, which is inherently insecure, and thus, the truly secure model is to use something like HiveServer2, lock down the metastore and not allow any outside access to it, and then use SQL standard authorization on top of that.

        Sushanth Sowmyan added a comment -

        Tagging Thejas M Nair so he can add further detail and/or close as necessary.

        Alex Nastetsky added a comment -

        Thanks Sushanth, I will ask for clarification on the ticket you linked to.


          People

          • Assignee:
            Vandana Ayyalasomayajula
            Reporter:
            Thejas M Nair
          • Votes:
            0
            Watchers:
            16
