You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "Nandakumar (Jira)" <ji...@apache.org> on 2023/01/23 16:16:00 UTC
[jira] [Assigned] (HDDS-7750) Incorrect WRITE ACL check
[ https://issues.apache.org/jira/browse/HDDS-7750?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandakumar reassigned HDDS-7750:
--------------------------------
Assignee: Nandakumar
> Incorrect WRITE ACL check
> -------------------------
>
> Key: HDDS-7750
> URL: https://issues.apache.org/jira/browse/HDDS-7750
> Project: Apache Ozone
> Issue Type: Sub-task
> Components: Ozone Manager
> Reporter: Wei-Chiu Chuang
> Assignee: Nandakumar
> Priority: Major
>
> [https://github.com/apache/ozone/blob/2ba8bb71f128ec619c5bed9b6303394e8677bf53/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/KeyManagerImpl.java#L1056]
>
> {code:java}
> if (context.getAclRights() == IAccessAuthorizer.ACLType.WRITE) {
> keyInfo =
> metadataManager.getOpenKeyTable(bucketLayout).get(objectKey);
> ...
> if (keyInfo == null) {
> // the key does not exist, but it is a parent "dir" of some key
> // let access be determined based on volume/bucket/prefix ACL
> LOG.debug("key:{} is non-existent parent, permit access to user:{}",
> keyName, context.getClientUgi());
> return true;
> } {code}
> Using key name, instead of the open key name (which has client id as the suffix), the key is guaranteed to not be found, and thus keyInfo is always true for WRITE ACL type. Therefore, this ACL check will always pass. This looks undesirable.
>
> cc: [~smeng]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org