[ https://issues.apache.org/jira/browse/HBASE-13768?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14570018#comment-14570018 ]
Hudson commented on HBASE-13768:
--------------------------------

FAILURE: Integrated in HBase-1.0 #944 (See [https://builds.apache.org/job/HBase-1.0/944/])
HBASE-13768 ZooKeeper znodes are bootstrapped with insecure ACLs in a secure configuration (ADDENDUM for meta znode) (enis: rev 20337f4f2a4b62a31097e961bdec01edf40a79bf)
* hbase-client/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZooKeeperWatcher.java
* hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZooKeeperWatcher.java

> ZooKeeper znodes are bootstrapped with insecure ACLs in a secure configuration
> ------------------------------------------------------------------------------
>
>                 Key: HBASE-13768
>                 URL: https://issues.apache.org/jira/browse/HBASE-13768
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Andrew Purtell
>            Assignee: Enis Soztutar
>            Priority: Blocker
>             Fix For: 2.0.0, 0.98.13, 1.0.2, 1.2.0, 1.1.1, 0.98.12.1, 1.0.1.1, 1.1.0.1
>
>         Attachments: HBASE-13768-0.98.patch, HBASE-13768-branch-1.0.patch, HBASE-13768-branch-1.patch, HBASE-13768_v1-addendum-branch-1.0.patch, HBASE-13768_v1.patch, HBASE-13768_v2.patch, HBASE-13768_v3.patch, HBASE-13768_v4.patch
>
>
> A logic error causes HBase in most secure configuration deployments to handle
> its coordination state in ZooKeeper via insecure ACLs. Anyone with remote
> unauthenticated network access to the ZooKeeper quorum, which by definition
> includes all HBase clients, can make use of this opening to violate the
> operational integrity of the system. For example, critical znodes can be
> deleted, causing outages. It is possible to introduce rogue replication
> endpoints. It is possible to direct the distributed log splitting facility to
> split arbitrary files in HDFS.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
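
An added example (not part of the JIRA message or the HBase code base): a defender-side check for the condition the issue describes, flagging znodes whose ACL gives `world:anyone` more than read access. The znode paths, the `sasl:hbase` identity and the assumption that world-readable znodes are acceptable are constructed for illustration; the permission bits are ZooKeeper's `ZooDefs.Perms` values.

```python
# Added example: audit a snapshot of znode ACLs for entries that let
# unauthenticated clients change state. Paths and ACLs below are constructed.

# Permission bits as defined in ZooKeeper's ZooDefs.Perms.
READ, WRITE, CREATE, DELETE, ADMIN = 1, 2, 4, 8, 16
PERM_LETTERS = {"r": READ, "w": WRITE, "c": CREATE, "d": DELETE, "a": ADMIN}


def parse_perms(letters):
    """Turn a permission string such as 'cdrwa' into a ZooKeeper bitmask."""
    mask = 0
    for ch in letters.lower():
        if ch not in PERM_LETTERS:
            raise ValueError(f"unknown permission letter {ch!r}")
        mask |= PERM_LETTERS[ch]
    return mask


def describe(mask):
    """Render a bitmask back to letters in the conventional 'cdrwa' order."""
    return "".join(c for c in "cdrwa" if mask & PERM_LETTERS[c])


def audit(snapshot, open_allowed=READ):
    """Return {path: excess_perms} for znodes where world:anyone holds more
    than open_allowed. Assumption: read-only world access is acceptable."""
    findings = {}
    for path, acl in snapshot.items():
        excess = 0
        for scheme, ident, letters in acl:
            if (scheme, ident) == ("world", "anyone"):
                excess |= parse_perms(letters) & ~open_allowed
        if excess:
            findings[path] = describe(excess)
    return findings


# Constructed snapshot: path -> [(scheme, id, perms)]. Not real cluster data.
SAMPLE = {
    "/hbase-example/meta": [("world", "anyone", "cdrwa")],
    "/hbase-example/replication": [("sasl", "hbase", "cdrwa"),
                                   ("world", "anyone", "rw")],
    "/hbase-example/master": [("sasl", "hbase", "cdrwa"),
                              ("world", "anyone", "r")],
    "/hbase-example/splitlog": [("sasl", "hbase", "cdrwa")],
}

if __name__ == "__main__":
    for path, perms in sorted(audit(SAMPLE).items()):
        print(f"{path}: world:anyone also holds '{perms}'")
```
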