[ https://issues.apache.org/jira/browse/HDFS-13668?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16574806#comment-16574806 ]

Wei-Chiu Chuang commented on HDFS-13668:
----------------------------------------

+1
{quote}{{INodeAttributeProvider}} is a public interface, we could not ensure 
external implementations (e.g. Apache Sentry, Apache Ranger) also have a similar 
constraint.
{quote}
We've seen bugs in Apache Sentry that rendered invalid ACLs in the past. So 
this is entirely possible. We should probably revisit ACL checks in NameNode at 
some point and make them more defensive.

 
{code:java}
FileSystem fs = FileSystem.get(miniDFS.getConfiguration(0));{code}
We usually call miniDFS.getFileSystem() instead. But this is entirely valid.

 

> FSPermissionChecker may throws AIOOE when check if inode has permission
> -----------------------------------------------------------------------
>
>                 Key: HDFS-13668
>                 URL: https://issues.apache.org/jira/browse/HDFS-13668
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: namenode
>    Affects Versions: 3.1.0, 2.10.0, 2.7.7
>            Reporter: He Xiaoqiao
>            Assignee: He Xiaoqiao
>            Priority: Major
>         Attachments: HDFS-13668-trunk.001.patch, HDFS-13668-trunk.002.patch
>
>
> {{FSPermissionChecker}} may throw {{ArrayIndexOutOfBoundsException:0}} when 
> checking permission, since it only checks whether the inode's {{aclFeature}} 
> is null, but does not check its entry size. When it meets an {{aclFeature}} 
> that is not null but whose entry size equals 0, it will throw AIOOE.
> {code:java}
> private boolean hasPermission(INodeAttributes inode, FsAction access) {
>   ......
>   final AclFeature aclFeature = inode.getAclFeature();
>   if (aclFeature != null) {
>     // It's possible that the inode has a default ACL but no access ACL.
>     int firstEntry = aclFeature.getEntryAt(0);
>     if (AclEntryStatusFormat.getScope(firstEntry) == AclEntryScope.ACCESS) {
>       return hasAclPermission(inode, access, mode, aclFeature);
>     }
>   }
>   ......
> }
> {code}
> Actually, if the default {{INodeAttributeProvider}} is used, it can ensure 
> that when the {{inode}}'s aclFeature is not null, its entry size will also be 
> greater than 0, but {{INodeAttributeProvider}} is a public interface, we could 
> not ensure external implementations (e.g. Apache Sentry, Apache Ranger) also 
> have a similar constraint. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
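
Added example, not part of the original message and not the attached HDFS-13668 patch: a stand-alone model of the check quoted above, comparing the null-only test with a defensive variant that also checks the entry count. The class AclFeatureModel, the one-bit scope encoding and the choice to treat an empty feature as "no access ACL" are assumptions made for this demo.

```java
class EmptyAclFeatureDemo {
    // Hypothetical stand-in for an ACL feature holding packed int entries.
    static final class AclFeatureModel {
        private final int[] entries;
        AclFeatureModel(int... entries) { this.entries = entries.clone(); }
        int getEntriesSize() { return entries.length; }
        int getEntryAt(int pos) { return entries[pos]; } // throws on an empty array
    }

    // Constructed encoding for this demo only: bit 0 carries the scope.
    static final int SCOPE_ACCESS = 0;
    static final int SCOPE_DEFAULT = 1;
    static int scopeOf(int entry) { return entry & 1; }

    // Mirrors the reported logic: only a null check before reading entry 0.
    static boolean usesAccessAclUnguarded(AclFeatureModel f) {
        if (f != null) {
            return scopeOf(f.getEntryAt(0)) == SCOPE_ACCESS;
        }
        return false;
    }

    // Defensive variant: an empty feature from a provider is handled like
    // "no access ACL", so the caller falls back to the plain mode bits.
    static boolean usesAccessAclGuarded(AclFeatureModel f) {
        if (f != null && f.getEntriesSize() > 0) {
            return scopeOf(f.getEntryAt(0)) == SCOPE_ACCESS;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed inputs: no feature, empty feature, default-only, access ACL.
        AclFeatureModel[] cases = {
            null, new AclFeatureModel(),
            new AclFeatureModel(SCOPE_DEFAULT), new AclFeatureModel(SCOPE_ACCESS)
        };
        for (AclFeatureModel f : cases) {
            String size = (f == null) ? "null" : String.valueOf(f.getEntriesSize());
            String unguarded;
            try {
                unguarded = String.valueOf(usesAccessAclUnguarded(f));
            } catch (ArrayIndexOutOfBoundsException e) {
                unguarded = "AIOOE"; // the failure described in the issue
            }
            System.out.println("entries=" + size + " unguarded=" + unguarded
                + " guarded=" + usesAccessAclGuarded(f));
        }
    }
}
```

Only the empty-feature case differs between the two variants; a deployment that prefers to fail closed could deny access in that branch instead of falling back to the mode bits.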
