You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@couchdb.apache.org by "Mike Wallace (JIRA)" <ji...@apache.org> on 2014/09/10 17:17:33 UTC
[jira] [Resolved] (COUCHDB-2325) fabric:get_security/2 can return
security objects from nodes that are in maintenance mode
[ https://issues.apache.org/jira/browse/COUCHDB-2325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mike Wallace resolved COUCHDB-2325.
-----------------------------------
Resolution: Fixed
> fabric:get_security/2 can return security objects from nodes that are in maintenance mode
> -----------------------------------------------------------------------------------------
>
> Key: COUCHDB-2325
> URL: https://issues.apache.org/jira/browse/COUCHDB-2325
> Project: CouchDB
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: BigCouch
> Reporter: Mike Wallace
> Fix For: 2.0.0
>
>
> Currently, fabric:get_security/2 calls fabric_util:get_db/2 and if the node servicing a request does not have a shard for the db then fabric_util:get_db/2 can return a shard from a node which is in maintenance mode.
> If that node is a replacement node that has not yet been brought into the cluster then the security object will be empty. Because fabric:get_security/2 is in the code path for authorizing requests at the HTTP layer this can result in live nodes returning 403s. I have verified that this issue exists even though cassim now handles authorization (cassim eventually makes the same call to fabric:get_security/2).
> The crux of the problem is that the algorithm used by fabric_util:get_db/2 doesn't account for the possibility of nodes being in maintenance mode.
> See https://gist.github.com/mikewallace1979/8d01bb8661a50762bfc3 for the steps to reproduce locally.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)