[
https://issues.apache.org/jira/browse/HBASE-15132?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15110937#comment-15110937
]
Ted Yu commented on HBASE-15132:
--------------------------------
bq. We don't want a post hook?
I am not aware of use case which needs the post hook. When the requirement
comes, we can add later.
The rest of review comments are addressed in patch v2.
> Master region merge RPC should authorize user request
> -----------------------------------------------------
>
> Key: HBASE-15132
> URL: https://issues.apache.org/jira/browse/HBASE-15132
> Project: HBase
> Issue Type: Bug
> Reporter: Ted Yu
> Assignee: Ted Yu
> Attachments: HBASE-15132.v1.patch
>
>
> The normal flow for region merge is:
> 1. client sends a master RPC for dispatch merge regions
> 2. master moves the regions to the same regionserver
> 3. master calls mergeRegions RPC on the regionserver.
> For user initiated region merge, MasterRpcServices#dispatchMergingRegions()
> is called by HBaseAdmin.
> There is no coprocessor invocation in step 1.
> Step 3 is carried out in the "hbase" user context.
> This leaves potential security hole - any user without proper authorization
> can merge regions of any table.
> Thanks to Enis who spotted this flaw first.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
