You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hive.apache.org by "Eugene Koifman (JIRA)" <ji...@apache.org> on 2013/10/25 23:30:30 UTC
[jira] [Updated] (HIVE-5635) WebHCatJTShim23 ignores security/user
context
[ https://issues.apache.org/jira/browse/HIVE-5635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eugene Koifman updated HIVE-5635:
---------------------------------
Attachment: HIVE-5635.patch
ToDo: patch needs to be tested on Hadoop 2.2.0
> WebHCatJTShim23 ignores security/user context
> ---------------------------------------------
>
> Key: HIVE-5635
> URL: https://issues.apache.org/jira/browse/HIVE-5635
> Project: Hive
> Issue Type: Bug
> Components: WebHCat
> Affects Versions: 0.12.0
> Reporter: Eugene Koifman
> Assignee: Eugene Koifman
> Attachments: HIVE-5635.patch
>
>
> WebHCatJTShim23 takes UserGroupInformation object as argument (which represents the user make the call to WebHCat or doAs user) but ignores.
> WebHCatJTShim20S uses the UserGroupInformation
> This is inconsistent and may be a security hole because in with Hadoop 2 the methods on WebHCatJTShim are likely running with 'hcat' as the user context.
--
This message was sent by Atlassian JIRA
(v6.1#6144)