Slider / SLIDER-931

Security permissions on set up ZK path are too lax

Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Slider 0.80
    • Fix Version/s: Slider 0.81
    • Component/s: client
    • Labels: None

    Description

      Slider creates a unique ZK path for each app launch, deleting it on teardown.

      HBase security tests are throwing up that the path is being created world-writeable, rather than world-read. Being world-writeable means it's possible for malicious code to replace the path with a different one.

      This is only a risk on a secure cluster; ZK's security model on insecure clusters is only a hint that can be bypassed.
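
An audit check for the condition described above, added here as an example (it is not code from the Slider project or from this issue). It assumes the text output of the ZooKeeper CLI `getAcl` command; the sample outputs and the `slider` principal are constructed.

```python
import re

# Permission letters printed by the ZooKeeper CLI `getAcl`:
# c=create, d=delete, r=read, w=write, a=admin (may change the ACL itself).
MUTATING = set("cdwa")

# Constructed `getAcl` output for two hypothetical znodes.
SAMPLE_LAX = """'world,'anyone
: cdrwa
"""
SAMPLE_TIGHT = """'sasl,'slider
: cdrwa
'world,'anyone
: r
"""

ACL_ENTRY = re.compile(r"^'(?P<scheme>[^,]+),'(?P<id>.*)$")


def parse_getacl(text):
    """Parse `getAcl` output into a list of (scheme, id, perms) tuples."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = ACL_ENTRY.match(line)
        if match:
            pending = (match.group("scheme"), match.group("id"))
        elif line.startswith(":") and pending:
            entries.append((*pending, line[1:].strip()))
            pending = None
    return entries


def lax_entries(entries):
    """Return world:anyone entries that grant more than read access."""
    findings = []
    for scheme, ident, perms in entries:
        excess = sorted(MUTATING & set(perms))
        if scheme == "world" and ident == "anyone" and excess:
            findings.append((scheme, ident, "".join(excess)))
    return findings


if __name__ == "__main__":
    for name, out in (("lax", SAMPLE_LAX), ("tight", SAMPLE_TIGHT)):
        print(name, lax_entries(parse_getacl(out)) or "ok")
```

A znode passes when `world:anyone` holds at most `r` and the mutating permissions belong only to an authenticated identity.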

          People

            Assignee: stevel@apache.org Steve Loughran
            Reporter: stevel@apache.org Steve Loughran

              Time Tracking

                Original Estimate: 0.5h
                Remaining Estimate: 0.5h
                Time Spent: Not Specified