You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@drill.apache.org by "Steven Phillips (JIRA)" <ji...@apache.org> on 2015/10/01 20:02:26 UTC
[jira] [Updated] (DRILL-3820) Nested Directories : Metadata Cache
in a directory stores information from sub-directories as well creating
security issues
[ https://issues.apache.org/jira/browse/DRILL-3820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Steven Phillips updated DRILL-3820:
-----------------------------------
Assignee: (was: Steven Phillips)
> Nested Directories : Metadata Cache in a directory stores information from sub-directories as well creating security issues
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: DRILL-3820
> URL: https://issues.apache.org/jira/browse/DRILL-3820
> Project: Apache Drill
> Issue Type: Bug
> Components: Metadata
> Reporter: Rahul Challapalli
> Priority: Critical
> Fix For: 1.2.0
>
>
> git.commit.id.abbrev=3c89b30
> User A has access to lineitem folder and its subfolders
> User B had access to lineitem folder but not its sub-folders.
> Now when User A runs the "refresh table metadata lineitem" command, the cache file gets created under lineitem folder. This file contains information from the underlying sub-directories as well.
> Now User B can download this file and get access to information which he should not be seeing in the first place.
> This can be very easily reproducible if impersonation is enabled on the cluster.
> Let me know if you need more information to reproduce this issue
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)