You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues-all@impala.apache.org by "Csaba Ringhofer (Jira)" <ji...@apache.org> on 2021/11/15 17:41:00 UTC
[jira] [Created] (IMPALA-11019) Errors in column mask processing can leak information about column
Csaba Ringhofer created IMPALA-11019:
----------------------------------------
Summary: Errors in column mask processing can leak information about column
Key: IMPALA-11019
URL: https://issues.apache.org/jira/browse/IMPALA-11019
Project: IMPALA
Issue Type: New Feature
Components: Frontend
Reporter: Csaba Ringhofer
The following error exception can reveal the existance of a column with column mask even if the user does not have any privilege on the mask:
https://github.com/apache/impala/blob/b692a92fa2a2277a185fb5823592609b4603c0d8/fe/src/main/java/org/apache/impala/authorization/TableMask.java#L95
This leads to not registering the privilege request and also not adding anything to the audit log.
I don't consider this to be a serious security threat, as not having privilege on a column BUT having a column mask on it seems unrealistic to me. I still think that we should fix this for our behavior by hiding the error or registering a privilege request.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org