[HIVE-5989] Hive metastore authorization check is not threadsafe - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 0.11.0, 0.12.0, 0.12.1
Fix Version/s: 0.13.0
Component/s: Metastore, Security
Labels:
None

Description

Metastore-side authorization has a couple of pretty important threadsafety bugs in it:

a) The HiveMetastoreAuthenticated instantiated by the AuthorizationPreEventListener is static. This is a premature optimization and incorrect, as it will result in Authenticator implementations that store state potentially giving an incorrect result, and this bug very much exists with the DefaultMetastoreAuthenticator.

b) It assumes HMSHandler.getHiveConf() is itself going to be thread-safe, which it is not. HMSHandler.getConf() is the appropriate thread-safe equivalent.

The effect of this bug is that if there are two users that are concurrently running jobs on the metastore, we might :

a) Allow a user to do something they didn't have permission to, because the other person did. (Security hole)
b) Disallow a user from doing something they should have permission to (More common - annoying and can cause job failures)

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HIVE-5989.2.patch
13/Feb/14 16:32
9 kB
Sushanth Sowmyan
HIVE-5989.patch
09/Dec/13 22:42
9 kB
Sushanth Sowmyan
SleepyAP.patch
09/Dec/13 22:41
5 kB
Sushanth Sowmyan

Activity

People

Assignee:: Sushanth Sowmyan

Reporter:: Sushanth Sowmyan

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 09/Dec/13 22:35

Updated:: 14/Feb/14 00:26

Resolved:: 14/Feb/14 00:26