You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by "Wei-Chiu Chuang (Jira)" <ji...@apache.org> on 2023/01/08 00:51:00 UTC

[jira] [Created] (HDDS-7750) Incorrect WRITE ACL check

Wei-Chiu Chuang created HDDS-7750:
-------------------------------------

             Summary: Incorrect WRITE ACL check
                 Key: HDDS-7750
                 URL: https://issues.apache.org/jira/browse/HDDS-7750
             Project: Apache Ozone
          Issue Type: Sub-task
          Components: Ozone Manager
            Reporter: Wei-Chiu Chuang


[https://github.com/apache/ozone/blob/2ba8bb71f128ec619c5bed9b6303394e8677bf53/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/KeyManagerImpl.java#L1056]

 
{code:java}
if (context.getAclRights() == IAccessAuthorizer.ACLType.WRITE) {
  keyInfo =
      metadataManager.getOpenKeyTable(bucketLayout).get(objectKey);
...

if (keyInfo == null) {
  // the key does not exist, but it is a parent "dir" of some key
  // let access be determined based on volume/bucket/prefix ACL
  LOG.debug("key:{} is non-existent parent, permit access to user:{}",
      keyName, context.getClientUgi());
  return true;
} {code}
Using key name, instead of the open key name (which has client id as the suffix), the key is guaranteed to not be found, and thus keyInfo is always true for WRITE ACL type. Therefore, this ACL check will always pass. This looks undesirable.

 

cc: [~smeng] 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org