Posted to dev@zookeeper.apache.org by "Igor Delac (Jira)" <ji...@apache.org> on 2023/07/27 07:43:00 UTC

[jira] [Created] (ZOOKEEPER-4727) zNode deleted despite not having access rights (zNode with ACL)

Igor Delac created ZOOKEEPER-4727:
-------------------------------------

             Summary: zNode deleted despite not having access rights (zNode with ACL)
                 Key: ZOOKEEPER-4727
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4727
             Project: ZooKeeper
          Issue Type: Bug
          Components: java client, server
    Affects Versions: 3.8.1
            Reporter: Igor Delac


Hello,
 
I've found a problem with ZooKeeper that allows any client to delete a zNode regardless of the ACL set for the zNode.

I'm not sure whether this issue belongs in an ordinary JIRA ticket or whether it is a vulnerability problem.

Here are the steps I used to reproduce the problem:
 
1) Create zNode /users.
2) Create zNode /users/john.
 
[zk: localhost:2181(CONNECTED) 1] create /users
Created /users
[zk: localhost:2181(CONNECTED) 2] create /users/john

 
3) Set auth.scheme digest, with password 'john123' on the zNode /users/john.
 
3.1) Generate digest for the user john and password john123.
 
root@dev-id-client:/opt/zookeeper-3.8.2# java -classpath 'lib/*' org.apache.zookeeper.server.auth.DigestAuthenticationProvider john:john123
16:02:56.377 [main] INFO org.apache.zookeeper.server.auth.DigestAuthenticationProvider - ACL digest algorithm is: SHA1
john:john123->john:SNEZzLxGQHaYcjRvU8KnG1WX9rU=
root@dev-id-client:/opt/zookeeper-3.8.2#
 
3.2) Assign ACL for the zNode /users/john.
 
[zk: localhost:2181(CONNECTED) 6] setAcl /users/john digest:john:SNEZzLxGQHaYcjRvU8KnG1WX9rU=:cdrwa

[zk: localhost:2181(CONNECTED) 7]


 
4) Test the access to the zNode /users/john. Try to read the ACL.
 
[zk: localhost:2181(CONNECTED) 7] getAcl /users/john
Insufficient permission : /users/john
[zk: localhost:2181(CONNECTED) 8]

 
Here the response makes sense. Because of the zNode ACL set, access is denied.
 
5) Try to delete the zNode /users/john.
 
[zk: localhost:2181(CONNECTED) 8] delete /users/john
[zk: localhost:2181(CONNECTED) 9]

 
I'd expect to see the *Insufficient permission* message here.
 
6) Verify that zNode was successfully deleted.
 
[zk: localhost:2181(CONNECTED) 9] stat /users/john
Node does not exist: /users/john
[zk: localhost:2181(CONNECTED) 10]

 
7) whoami command shows the following.
 
[zk: localhost:2181(CONNECTED) 10] whoami
Auth scheme: User
ip: 127.0.0.1
[zk: localhost:2181(CONNECTED) 11]
 
 
In my opinion, the delete operation should not be possible if access to the zNode was rejected, e.g. *getAcl* fails with *Insufficient permission : /users/john*.
 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
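
ZooKeeper's documented permission model defines CREATE and DELETE as rights over a node's children, so a delete request is checked against the parent's ACL; in the steps above, that is the default open ACL on /users. The following is an added example, not part of the original report and not ZooKeeper's code: a simplified Python model of that rule, with an audit for nodes left deletable this way. The tree is constructed from the report's steps, and the `digest:admin` identity is hypothetical.

```python
# Simplified model of ZooKeeper ACL checks (added illustration, not ZooKeeper source).
# Each operation maps to (permission letters accepted, whose ACL is consulted).
RULES = {
    "getData": ("r", "node"),
    "setData": ("w", "node"),
    "getAcl": ("ra", "node"),   # READ or ADMIN on the node itself
    "setAcl": ("a", "node"),
    "create": ("c", "parent"),  # CREATE is a right over the parent's children
    "delete": ("d", "parent"),  # DELETE is a right over the parent's children
}

def parent(path):
    head = path.rsplit("/", 1)[0]
    return head or "/"

def allowed(tree, op, path, ids):
    """True if a client holding identities `ids` may run `op` on `path`."""
    perms, where = RULES[op]
    acl = tree[parent(path) if where == "parent" else path]
    return any(who in ids and set(perms) & set(granted) for who, granted in acl)

def exposed_children(tree, ids=frozenset({"world:anyone"})):
    """Nodes the client cannot read but can still delete via the parent's ACL."""
    return sorted(p for p in tree if p != "/"
                  and not allowed(tree, "getData", p, ids)
                  and allowed(tree, "delete", p, ids))

# Constructed tree mirroring the report: open default ACLs, /users/john locked to john.
OPEN = [("world:anyone", "cdrwa")]
TREE = {"/": OPEN, "/users": OPEN, "/users/john": [("digest:john", "cdrwa")]}

# Mitigation sketch: drop CREATE/DELETE for world on the parent and keep them
# for a hypothetical administrative identity (digest:admin is an assumption).
HARDENED = dict(TREE, **{"/users": [("world:anyone", "r"), ("digest:admin", "cdrwa")]})

if __name__ == "__main__":
    anon = {"world:anyone"}
    for op in ("getAcl", "delete"):
        print(op, "/users/john ->", allowed(TREE, op, "/users/john", anon))
    print("exposed before:", exposed_children(TREE))
    print("exposed after: ", exposed_children(HARDENED))
```

The model ignores ZooKeeper's other delete preconditions (such as the node having no children) and covers only the ACL decision.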