[
https://issues.apache.org/jira/browse/ZOOKEEPER-2591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16073224#comment-16073224
]
Bhupendra Kumar Jain commented on ZOOKEEPER-2591:
-------------------------------------------------
About solution to have a check node.stat.getCversion() > 0 , I have one doubt .
Lets consider a scenario as below
1. create container node
2. create child1
3. delete child1
cVersion = 1 , child count = 0
4. create child2
5. delete child2
6. cVersion = 2, child count = 0
7. Timer triggers and deletes container node
What if malicious user deletes the container node after step 3. I agree that
after step 3 even if system timer runs it will delete the container node too
... But then why allow malicious user to delete at all ...
In my opinion we can have a internal Boolean in Request object which marked as
true by ContainerManager and false for all other cases. We can skip the ACL
check only if Boolean if true. Does it make sense ?
> The deletion of Container znode doesn't check ACL delete permission
> -------------------------------------------------------------------
>
> Key: ZOOKEEPER-2591
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2591
> Project: ZooKeeper
> Issue Type: Bug
> Components: security, server
> Reporter: Edward Ribeiro
> Assignee: Edward Ribeiro
>
> Container nodes check the ACL before creation, but the deletion doesn't check
> the ACL rights. The code below succeeds even tough we removed ACL access
> permissions for "/a".
> {code}
> zk.create("/a", null, Ids.OPEN_ACL_UNSAFE, CreateMode.CONTAINER);
> ArrayList<ACL> list = new ArrayList<>();
> list.add(new ACL(0, Ids.ANYONE_ID_UNSAFE));
> zk.setACL("/", list, -1);
> zk.delete("/a", -1);
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
