Posted to issues@drill.apache.org by "Steven Phillips (JIRA)" <ji...@apache.org> on 2015/10/02 22:47:26 UTC

[jira] [Commented] (DRILL-3820) Nested Directories : Metadata Cache in a directory stores information from sub-directories as well creating security issues

    [ https://issues.apache.org/jira/browse/DRILL-3820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14941735#comment-14941735 ] 

Steven Phillips commented on DRILL-3820:
----------------------------------------

My initial thought was to simply set the permissions to 700 for the metadata file. But that would cause problems when there is impersonation, as the impersonated user would not be able to read the metadata file.

I actually think the best approach is to have the REFRESH command run as the user who gave the command, not the drill process user. That way, only a user who has permission to read all of the subdirectories and files, as well as write to all of the directories, will be able to run the REFRESH command. The metadata file should have the same owner and permissions as the directory it is placed in. It should be documented that running this command will expose some amount of metadata in all underlying directories to anyone who has permission to read the top level directory.

This will at the very least prevent someone from exploiting the REFRESH command in order to access metadata in a directory that they don't have permission to read.

> Nested Directories : Metadata Cache in a directory stores information from sub-directories as well creating security issues
> ---------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DRILL-3820
>                 URL: https://issues.apache.org/jira/browse/DRILL-3820
>             Project: Apache Drill
>          Issue Type: Bug
>          Components: Metadata
>            Reporter: Rahul Challapalli
>            Assignee: Steven Phillips
>            Priority: Critical
>             Fix For: 1.2.0
>
>
> git.commit.id.abbrev=3c89b30
> User A has access to lineitem folder and its subfolders
> User B had access to lineitem folder but not its sub-folders.
> Now when User A runs the "refresh table metadata lineitem" command, the cache file gets created under lineitem folder. This file contains information from the underlying sub-directories as well.
> Now User B can download this file and get access to information which he should not be seeing in the first place.
> This is very easily reproducible if impersonation is enabled on the cluster.
> Let me know if you need more information to reproduce this issue.



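An added example, not part of the JIRA thread or of Drill's code: a Python audit of a local POSIX tree against the rule proposed in the comment above (the cache file shares its directory's owner and read permissions), which also lists the sub-directories whose metadata stays exposed through a readable cache file. The cache file name `.drill.parquet_metadata`, the function names and the sample tree are assumptions made for illustration.

```python
import os

CACHE_NAME = ".drill.parquet_metadata"  # assumed cache file name, not given on the page

def audit_cache_files(root, cache_name=CACHE_NAME):
    """Return sorted (finding, path relative to root) tuples for each cache file under root."""
    findings = set()
    for dirpath, _, filenames in os.walk(root):
        if cache_name not in filenames:
            continue
        d = os.stat(dirpath)
        c = os.stat(os.path.join(dirpath, cache_name))
        rel = os.path.relpath(dirpath, root)
        # Proposed rule: the cache file has the same owner as its directory ...
        if c.st_uid != d.st_uid:
            findings.add(("owner-mismatch", rel))
        # ... and the same permissions. Only read bits are compared, because a
        # directory's execute (search) bits have no meaning on a regular file.
        if (c.st_mode & 0o444) != (d.st_mode & 0o444):
            findings.add(("mode-mismatch", rel))
        # Residual exposure the comment says must be documented: group/other can
        # read the cache but not a sub-directory whose metadata it summarises.
        for subpath, subdirs, _ in os.walk(dirpath):
            for name in subdirs:
                sub = os.path.join(subpath, name)
                if c.st_mode & 0o044 & ~os.stat(sub).st_mode:
                    findings.add(("exposes-subdir", os.path.relpath(sub, root)))
    return sorted(findings)

def build_sample_tree(root, cache_mode=0o644):
    """Constructed layout mirroring the report: lineitem/ is open, one sub-folder is private."""
    top = os.path.join(root, "lineitem")
    for rel, mode in (("", 0o755), ("1994", 0o700), ("1995", 0o755)):
        path = os.path.join(top, rel) if rel else top
        os.makedirs(path, exist_ok=True)
        os.chmod(path, mode)
    cache = os.path.join(top, CACHE_NAME)
    with open(cache, "w") as fh:
        fh.write("{}")  # placeholder content; the real cache format is not modelled
    os.chmod(cache, cache_mode)
    return top

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in audit_cache_files(tmp):
            print(*finding)
```

With the cache file at 0644 the audit reports the private sub-folder as exposed; at 0600 that finding disappears and a mode mismatch with the directory is reported instead.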