[ https://issues.apache.org/jira/browse/HADOOP-9984?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14540644#comment-14540644 ]

Arun Suresh commented on HADOOP-9984:
-------------------------------------

Apologies for chiming in late.

From a Hive/Sentry perspective, the following could be a security issue:

In the situation where Hive impersonation is turned off, an external table 
might be created (say, located at {{/external/foo}}) to ingest data from an 
external source. Read and write ACLs are generally granted to those table 
directories via Sentry or possibly even Hive auth. Let's say a user/group 
{{bar}} is NOT granted access to that table. It is possible for the hive user 
to create a symlink from the above {{foo}} table or a contained partition 
directory to another table directory for which {{bar}} has read access. 
Since Hive does not perform symlink resolution while accessing table data, 
technically {{bar}} will now be able to read data written to {{foo}}.

Does this make sense?


> FileSystem#globStatus and FileSystem#listStatus should resolve symlinks by 
> default
> ----------------------------------------------------------------------------------
>
>                 Key: HADOOP-9984
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9984
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs
>    Affects Versions: 2.1.0-beta
>            Reporter: Colin Patrick McCabe
>            Assignee: Colin Patrick McCabe
>            Priority: Critical
>              Labels: BB2015-05-TBR
>         Attachments: HADOOP-9984.001.patch, HADOOP-9984.003.patch, 
> HADOOP-9984.005.patch, HADOOP-9984.007.patch, HADOOP-9984.009.patch, 
> HADOOP-9984.010.patch, HADOOP-9984.011.patch, HADOOP-9984.012.patch, 
> HADOOP-9984.013.patch, HADOOP-9984.014.patch, HADOOP-9984.015.patch
>
>
> During the process of adding symlink support to FileSystem, we realized that 
> many existing HDFS clients would be broken by listStatus and globStatus 
> returning symlinks.  One example is applications that assume that 
> !FileStatus#isFile implies that the inode is a directory.  As we discussed in 
> HADOOP-9972 and HADOOP-9912, we should default these APIs to returning 
> resolved paths.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
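
An added illustration, not part of the JIRA thread and not Hadoop, Hive or Sentry code: a local-filesystem model of the concern raised in the comment above, comparing a directory-grant check made on the requested path string with the same check made on the symlink-resolved path. The directory layout, the users `bar` and `etl`, the `grants` table and all function names are constructed for the example.

```python
import os
import tempfile

def build_demo_tree():
    """Constructed layout: bar may read bar_table but not external/foo."""
    root = os.path.realpath(tempfile.mkdtemp())
    foo = os.path.join(root, "external", "foo")
    bar_table = os.path.join(root, "warehouse", "bar_table")
    os.makedirs(foo)
    os.makedirs(bar_table)
    with open(os.path.join(foo, "data.txt"), "w") as f:
        f.write("rows ingested into foo\n")
    # A "partition directory" that is really a symlink to the foo table dir.
    os.symlink(foo, os.path.join(bar_table, "part=1"))
    grants = {bar_table: {"bar"}, foo: {"etl"}}  # directory -> readers
    return root, grants, os.path.join(bar_table, "part=1", "data.txt")

def _granted(user, path, grants):
    # Allowed if the path is at or under a directory granted to the user.
    return any(
        user in readers and os.path.commonpath([path, d]) == d
        for d, readers in grants.items()
    )

def check_lexical(user, path, grants):
    """Authorize on the path string as requested (no symlink resolution)."""
    return _granted(user, os.path.normpath(path), grants)

def check_resolved(user, path, grants):
    """Authorize on the path after resolving every symlink component."""
    return _granted(user, os.path.realpath(path), grants)

def demo():
    _, grants, requested = build_demo_tree()
    return (check_lexical("bar", requested, grants),
            check_resolved("bar", requested, grants))

if __name__ == "__main__":
    lexical, resolved = demo()
    print("string-based check allows bar:", lexical)
    print("resolved-path check allows bar:", resolved)
```

The string-based check grants `bar` access because the requested path sits under a directory `bar` may read, while the resolved-path check evaluates the grant against the directory that actually holds the data.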
