[jira] [Updated] (HDFS-10276) HDFS should not expose path info that user has no permission to see.
[ https://issues.apache.org/jira/browse/HDFS-10276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Allen Wittenauer updated HDFS-10276: Labels: security (was: ) > HDFS should not expose path info that user has no permission to see. > > > Key: HDFS-10276 > URL: https://issues.apache.org/jira/browse/HDFS-10276 > Project: Hadoop HDFS > Issue Type: Bug > Components: fs, security >Reporter: Kevin Cox >Assignee: Yuanbo Liu >Priority: Major > Labels: security > Fix For: 2.8.0, 2.7.4, 3.0.0-alpha1 > > Attachments: HDFS-10276.001.patch, HDFS-10276.002.patch, > HDFS-10276.003.patch, HDFS-10276.004.patch, HDFS-10276.005.patch, > HDFS-10276.006.patch > > > This following issue is remedied by HDFS-5802. > {quote} > Given you have a file {{/file}} an existence check for the path > {{/file/whatever}} will give different responses for different > implementations of FileSystem. > LocalFileSystem will return false while DistributedFileSystem will throw > {{org.apache.hadoop.security.AccessControlException: Permission denied: ..., > access=EXECUTE, ...}} > {quote} > However, HDFS-5802 may expose information about a path that user doesn't have > permission to see. > For example, if the user asks for /a/b/c, but does not have permission to > list /a, we should not complain about /a/b -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-10276) HDFS should not expose path info that user has no permission to see.
[ https://issues.apache.org/jira/browse/HDFS-10276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Allen Wittenauer updated HDFS-10276: Component/s: security fs > HDFS should not expose path info that user has no permission to see. > > > Key: HDFS-10276 > URL: https://issues.apache.org/jira/browse/HDFS-10276 > Project: Hadoop HDFS > Issue Type: Bug > Components: fs, security >Reporter: Kevin Cox >Assignee: Yuanbo Liu >Priority: Major > Labels: security > Fix For: 2.8.0, 2.7.4, 3.0.0-alpha1 > > Attachments: HDFS-10276.001.patch, HDFS-10276.002.patch, > HDFS-10276.003.patch, HDFS-10276.004.patch, HDFS-10276.005.patch, > HDFS-10276.006.patch > > > This following issue is remedied by HDFS-5802. > {quote} > Given you have a file {{/file}} an existence check for the path > {{/file/whatever}} will give different responses for different > implementations of FileSystem. > LocalFileSystem will return false while DistributedFileSystem will throw > {{org.apache.hadoop.security.AccessControlException: Permission denied: ..., > access=EXECUTE, ...}} > {quote} > However, HDFS-5802 may expose information about a path that user doesn't have > permission to see. > For example, if the user asks for /a/b/c, but does not have permission to > list /a, we should not complain about /a/b -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-10276) HDFS should not expose path info that user has no permission to see.
[ https://issues.apache.org/jira/browse/HDFS-10276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Zhe Zhang updated HDFS-10276: - Fix Version/s: 2.7.4 > HDFS should not expose path info that user has no permission to see. > > > Key: HDFS-10276 > URL: https://issues.apache.org/jira/browse/HDFS-10276 > Project: Hadoop HDFS > Issue Type: Bug >Reporter: Kevin Cox >Assignee: Yuanbo Liu > Fix For: 2.8.0, 2.7.4, 3.0.0-alpha1 > > Attachments: HDFS-10276.001.patch, HDFS-10276.002.patch, > HDFS-10276.003.patch, HDFS-10276.004.patch, HDFS-10276.005.patch, > HDFS-10276.006.patch > > > This following issue is remedied by HDFS-5802. > {quote} > Given you have a file {{/file}} an existence check for the path > {{/file/whatever}} will give different responses for different > implementations of FileSystem. > LocalFileSystem will return false while DistributedFileSystem will throw > {{org.apache.hadoop.security.AccessControlException: Permission denied: ..., > access=EXECUTE, ...}} > {quote} > However, HDFS-5802 may expose information about a path that user doesn't have > permission to see. > For example, if the user asks for /a/b/c, but does not have permission to > list /a, we should not complain about /a/b -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-10276) HDFS should not expose path info that user has no permission to see.
[ https://issues.apache.org/jira/browse/HDFS-10276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HDFS-10276: - Resolution: Fixed Hadoop Flags: Reviewed Fix Version/s: 2.8.0 Status: Resolved (was: Patch Available) Committed to trunk, branch-2, branch-2.8. Thanks [~yuanbo] for the contribution and other folks for the review and discussion. > HDFS should not expose path info that user has no permission to see. > > > Key: HDFS-10276 > URL: https://issues.apache.org/jira/browse/HDFS-10276 > Project: Hadoop HDFS > Issue Type: Bug >Reporter: Kevin Cox >Assignee: Yuanbo Liu > Fix For: 2.8.0 > > Attachments: HDFS-10276.001.patch, HDFS-10276.002.patch, > HDFS-10276.003.patch, HDFS-10276.004.patch, HDFS-10276.005.patch, > HDFS-10276.006.patch > > > This following issue is remedied by HDFS-5802. > {quote} > Given you have a file {{/file}} an existence check for the path > {{/file/whatever}} will give different responses for different > implementations of FileSystem. > LocalFileSystem will return false while DistributedFileSystem will throw > {{org.apache.hadoop.security.AccessControlException: Permission denied: ..., > access=EXECUTE, ...}} > {quote} > However, HDFS-5802 may expose information about a path that user doesn't have > permission to see. > For example, if the user asks for /a/b/c, but does not have permission to > list /a, we should not complain about /a/b -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-10276) HDFS should not expose path info that user has no permission to see.
[ https://issues.apache.org/jira/browse/HDFS-10276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HDFS-10276: - Description: This following issue is remedied by HDFS-5802. {quote} Given you have a file {{/file}} an existence check for the path {{/file/whatever}} will give different responses for different implementations of FileSystem. LocalFileSystem will return false while DistributedFileSystem will throw {{org.apache.hadoop.security.AccessControlException: Permission denied: ..., access=EXECUTE, ...}} {quote} However, HDFS-5802 may expose information about a path that user doesn't have permission to see. For example, if the user asks for /a/b/c, but does not have permission to list /a, we should not complain about /a/b was: Given you have a file {{/file}} an existence check for the path {{/file/whatever}} will give different responses for different implementations of FileSystem. LocalFileSystem will return false while DistributedFileSystem will throw {{org.apache.hadoop.security.AccessControlException: Permission denied: ..., access=EXECUTE, ...}} This above issue is fixed by HDFS-5802. However, HDFS-5802 may expose information about a path that user doesn't have permission to see. For example, if the user asks for /a/b/c, but does not have permission to list /a, we should not complain about /a/b > HDFS should not expose path info that user has no permission to see. > > > Key: HDFS-10276 > URL: https://issues.apache.org/jira/browse/HDFS-10276 > Project: Hadoop HDFS > Issue Type: Bug >Reporter: Kevin Cox >Assignee: Yuanbo Liu > Attachments: HDFS-10276.001.patch, HDFS-10276.002.patch, > HDFS-10276.003.patch, HDFS-10276.004.patch, HDFS-10276.005.patch, > HDFS-10276.006.patch > > > This following issue is remedied by HDFS-5802. > {quote} > Given you have a file {{/file}} an existence check for the path > {{/file/whatever}} will give different responses for different > implementations of FileSystem. > LocalFileSystem will return false while DistributedFileSystem will throw > {{org.apache.hadoop.security.AccessControlException: Permission denied: ..., > access=EXECUTE, ...}} > {quote} > However, HDFS-5802 may expose information about a path that user doesn't have > permission to see. > For example, if the user asks for /a/b/c, but does not have permission to > list /a, we should not complain about /a/b -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-10276) HDFS should not expose path info that user has no permission to see.
[ https://issues.apache.org/jira/browse/HDFS-10276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HDFS-10276: - Description: Given you have a file {{/file}} an existence check for the path {{/file/whatever}} will give different responses for different implementations of FileSystem. LocalFileSystem will return false while DistributedFileSystem will throw {{org.apache.hadoop.security.AccessControlException: Permission denied: ..., access=EXECUTE, ...}} This above issue is fixed by HDFS-5802. However, HDFS-5802 may expose information about a path that user doesn't have permission to see. For example, if the user asks for /a/b/c, but does not have permission to list /a, we should not complain about /a/b was: Given you have a file {{/file}} an existence check for the path {{/file/whatever}} will give different responses for different implementations of FileSystem. LocalFileSystem will return false while DistributedFileSystem will throw {{org.apache.hadoop.security.AccessControlException: Permission denied: ..., access=EXECUTE, ...}} This above issue is fixed by HDFS-5802. However, HDFS-5802 may expose information about a path that a user doesn't have permission to see. For example, if the user asks for /a/b/c, but does not have permission to list /a, we should not complain about /a/b > HDFS should not expose path info that user has no permission to see. > > > Key: HDFS-10276 > URL: https://issues.apache.org/jira/browse/HDFS-10276 > Project: Hadoop HDFS > Issue Type: Bug >Reporter: Kevin Cox >Assignee: Yuanbo Liu > Attachments: HDFS-10276.001.patch, HDFS-10276.002.patch, > HDFS-10276.003.patch, HDFS-10276.004.patch, HDFS-10276.005.patch, > HDFS-10276.006.patch > > > Given you have a file {{/file}} an existence check for the path > {{/file/whatever}} will give different responses for different > implementations of FileSystem. > LocalFileSystem will return false while DistributedFileSystem will throw > {{org.apache.hadoop.security.AccessControlException: Permission denied: ..., > access=EXECUTE, ...}} > This above issue is fixed by HDFS-5802. However, HDFS-5802 may expose > information about a path that user doesn't have permission to see. > For example, if the user asks for /a/b/c, but does not have permission to > list /a, we should not complain about /a/b -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-10276) HDFS should not expose path info that user has no permission to see.
[ https://issues.apache.org/jira/browse/HDFS-10276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yongjun Zhang updated HDFS-10276: - Summary: HDFS should not expose path info that user has no permission to see. (was: HDFS should not expose path info unaccessible to user when checking whether parent is a file) > HDFS should not expose path info that user has no permission to see. > > > Key: HDFS-10276 > URL: https://issues.apache.org/jira/browse/HDFS-10276 > Project: Hadoop HDFS > Issue Type: Bug >Reporter: Kevin Cox >Assignee: Yuanbo Liu > Attachments: HDFS-10276.001.patch, HDFS-10276.002.patch, > HDFS-10276.003.patch, HDFS-10276.004.patch, HDFS-10276.005.patch, > HDFS-10276.006.patch > > > Given you have a file {{/file}} an existence check for the path > {{/file/whatever}} will give different responses for different > implementations of FileSystem. > LocalFileSystem will return false while DistributedFileSystem will throw > {{org.apache.hadoop.security.AccessControlException: Permission denied: ..., > access=EXECUTE, ...}} > This above issue is fixed by HDFS-5802. However, HDFS-5802 may expose > information about a path that a user doesn't have permission to see. > For example, if the user asks for /a/b/c, but does not have permission to > list /a, we should not complain about /a/b -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org