You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@drill.apache.org by "Rahul Challapalli (JIRA)" <ji...@apache.org> on 2015/09/22 20:44:04 UTC

[jira] [Created] (DRILL-3820) Nested Directories : Metadata Cache in a directory stores information from sub-directories as well creating security issues

Rahul Challapalli created DRILL-3820:
----------------------------------------

             Summary: Nested Directories : Metadata Cache in a directory stores information from sub-directories as well creating security issues
                 Key: DRILL-3820
                 URL: https://issues.apache.org/jira/browse/DRILL-3820
             Project: Apache Drill
          Issue Type: Bug
          Components: Metadata
            Reporter: Rahul Challapalli
            Assignee: Steven Phillips
            Priority: Critical
             Fix For: 1.2.0


git.commit.id.abbrev=3c89b30

User A has access to lineitem folder and its subfolders
User B had access to lineitem folder but not its sub-folders.

Now when User A runs the "refresh table metadata lineitem" command, the cache file gets created under lineitem folder. This file contains information from the underlying sub-directories as well.

Now User B can download this file and get access to information which he should not be seeing in the first place.

This can be very easily reproducible if impersonation is enabled on the cluster.

Let me know if you need more information to reproduce this issue



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)