You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues-all@impala.apache.org by "Csaba Ringhofer (Jira)" <ji...@apache.org> on 2021/11/15 17:41:00 UTC

[jira] [Created] (IMPALA-11019) Errors in column mask processing can leak information about column

Csaba Ringhofer created IMPALA-11019:
----------------------------------------

             Summary: Errors in column mask processing can leak information about column
                 Key: IMPALA-11019
                 URL: https://issues.apache.org/jira/browse/IMPALA-11019
             Project: IMPALA
          Issue Type: New Feature
          Components: Frontend
            Reporter: Csaba Ringhofer


The following error exception can reveal the existance of a column with column mask even if the user does not have any privilege on the mask:
https://github.com/apache/impala/blob/b692a92fa2a2277a185fb5823592609b4603c0d8/fe/src/main/java/org/apache/impala/authorization/TableMask.java#L95

This leads to not registering the privilege request and also not adding anything to the audit log.

I don't consider this to be a serious security threat, as not having privilege on a column BUT having a column mask on it seems unrealistic to me. I  still think that we should fix this for our behavior by hiding the error or registering a privilege request.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org