You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@flink.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2017/02/16 11:34:41 UTC

[jira] [Commented] (FLINK-5818) change checkpoint dir permission to 700 for security reason

    [ https://issues.apache.org/jira/browse/FLINK-5818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15869776#comment-15869776 ] 

ASF GitHub Bot commented on FLINK-5818:
---------------------------------------

GitHub user WangTaoTheTonic opened a pull request:

    https://github.com/apache/flink/pull/3335

    [FLINK-5818][Security]change checkpoint dir permission to 700

    Now checkpoint directory is made w/o specified permission, so it is easy for another user to delete or read files under it, which will cause restore failure or information leak.
    
    It's better to lower it down to 700.
    
    - [x] Tests & Build
      - Functionality added by the pull request is covered by tests
    ![chp-filesystem-session](https://cloud.githubusercontent.com/assets/5276001/23019741/d753e8e0-f47e-11e6-9f2e-2cd35de35ef1.JPG)
    


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/WangTaoTheTonic/flink FLINK-5818

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/flink/pull/3335.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #3335
    
----
commit 02eef87dc2bfaa6737efad023916898719d34fe2
Author: WangTaoTheTonic <wa...@huawei.com>
Date:   2017-02-16T11:24:43Z

    change checkpoint dir permission to 700

----


> change checkpoint dir permission to 700 for security reason
> -----------------------------------------------------------
>
>                 Key: FLINK-5818
>                 URL: https://issues.apache.org/jira/browse/FLINK-5818
>             Project: Flink
>          Issue Type: Improvement
>          Components: Security, State Backends, Checkpointing
>            Reporter: Tao Wang
>
> Now checkpoint directory is made w/o specified permission, so it is easy for another user to delete or read files under it, which will cause restore failure or information leak.
> It's better to lower it down to 700.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)