You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@sentry.apache.org by "Sergio Peña (JIRA)" <ji...@apache.org> on 2017/12/12 17:02:02 UTC
[jira] [Commented] (SENTRY-2097) Sentry privileges model: Can
Sentry take a database privileges away from a server privileges?
[ https://issues.apache.org/jira/browse/SENTRY-2097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16287882#comment-16287882 ]
Sergio Peña commented on SENTRY-2097:
-------------------------------------
[~coheig] [~akolb] Here's the jira for the security issue mentioned on the security@sentry.apache.org. We need some investigation to see if this still applies to our current releases.
> Sentry privileges model: Can Sentry take a database privileges away from a server privileges?
> ---------------------------------------------------------------------------------------------
>
> Key: SENTRY-2097
> URL: https://issues.apache.org/jira/browse/SENTRY-2097
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
> Reporter: Sergio Peña
> Priority: Critical
>
> This issue has been allocated:
> CVE-2017-15711
> From security@sentry.apache.org:
> Assume I have a user |jack| and a group |datateam|. The
> user |jack| belongs to group |datateam|.
> Use Sentry for authorization.
> |create role admin; grant role admin to group datateam; grant all on
> server server1 to role admin; |
> Now the role |admin| has the following priveleges.
> {noformat}
> |+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> | database | table | partition | column | principal_name |
> principal_type | privilege | grant_option | grant_time | grantor |
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> | * | | | | admin | ROLE | * | false | 1480985013185000 | -- |
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+|
> {noformat}
> Assume I have this database.
> |create database testdb; |
> It is successful. User |jack| created a database |testdb|.
> Use Sentry to revoke the privileges on |testdb|;
> |revoke all on database `testdb` from role admin; |
> The priveleges is still the same.
> {noformat}
> |+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> | database | table | partition | column | principal_name |
> principal_type | privilege | grant_option | grant_time | grantor |
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> | * | | | | admin | ROLE | * | false | 1480985013185000 | -- |
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+|
> {noformat}
> Shouldn't Sentry take the privileges on database |testdb| away from the
> server |server1|?
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)