[jira] [Updated] (HDFS-10276) HDFS should not expose path info that user has no permission to see.
[
https://issues.apache.org/jira/browse/HDFS-10276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Allen Wittenauer updated HDFS-10276:
Labels: security (was: )
> HDFS should not expose path info that user has no permission to see.
>
>
> Key: HDFS-10276
> URL: https://issues.apache.org/jira/browse/HDFS-10276
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: fs, security
>Reporter: Kevin Cox
>Assignee: Yuanbo Liu
>Priority: Major
> Labels: security
> Fix For: 2.8.0, 2.7.4, 3.0.0-alpha1
>
> Attachments: HDFS-10276.001.patch, HDFS-10276.002.patch,
> HDFS-10276.003.patch, HDFS-10276.004.patch, HDFS-10276.005.patch,
> HDFS-10276.006.patch
>
>
> This following issue is remedied by HDFS-5802.
> {quote}
> Given you have a file {{/file}} an existence check for the path
> {{/file/whatever}} will give different responses for different
> implementations of FileSystem.
> LocalFileSystem will return false while DistributedFileSystem will throw
> {{org.apache.hadoop.security.AccessControlException: Permission denied: ...,
> access=EXECUTE, ...}}
> {quote}
> However, HDFS-5802 may expose information about a path that user doesn't have
> permission to see.
> For example, if the user asks for /a/b/c, but does not have permission to
> list /a, we should not complain about /a/b
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-10276) HDFS should not expose path info that user has no permission to see.
[
https://issues.apache.org/jira/browse/HDFS-10276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Allen Wittenauer updated HDFS-10276:
Component/s: security
fs
> HDFS should not expose path info that user has no permission to see.
>
>
> Key: HDFS-10276
> URL: https://issues.apache.org/jira/browse/HDFS-10276
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: fs, security
>Reporter: Kevin Cox
>Assignee: Yuanbo Liu
>Priority: Major
> Labels: security
> Fix For: 2.8.0, 2.7.4, 3.0.0-alpha1
>
> Attachments: HDFS-10276.001.patch, HDFS-10276.002.patch,
> HDFS-10276.003.patch, HDFS-10276.004.patch, HDFS-10276.005.patch,
> HDFS-10276.006.patch
>
>
> This following issue is remedied by HDFS-5802.
> {quote}
> Given you have a file {{/file}} an existence check for the path
> {{/file/whatever}} will give different responses for different
> implementations of FileSystem.
> LocalFileSystem will return false while DistributedFileSystem will throw
> {{org.apache.hadoop.security.AccessControlException: Permission denied: ...,
> access=EXECUTE, ...}}
> {quote}
> However, HDFS-5802 may expose information about a path that user doesn't have
> permission to see.
> For example, if the user asks for /a/b/c, but does not have permission to
> list /a, we should not complain about /a/b
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-10276) HDFS should not expose path info that user has no permission to see.
[
https://issues.apache.org/jira/browse/HDFS-10276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Zhe Zhang updated HDFS-10276:
-
Fix Version/s: 2.7.4
> HDFS should not expose path info that user has no permission to see.
>
>
> Key: HDFS-10276
> URL: https://issues.apache.org/jira/browse/HDFS-10276
> Project: Hadoop HDFS
> Issue Type: Bug
>Reporter: Kevin Cox
>Assignee: Yuanbo Liu
> Fix For: 2.8.0, 2.7.4, 3.0.0-alpha1
>
> Attachments: HDFS-10276.001.patch, HDFS-10276.002.patch,
> HDFS-10276.003.patch, HDFS-10276.004.patch, HDFS-10276.005.patch,
> HDFS-10276.006.patch
>
>
> This following issue is remedied by HDFS-5802.
> {quote}
> Given you have a file {{/file}} an existence check for the path
> {{/file/whatever}} will give different responses for different
> implementations of FileSystem.
> LocalFileSystem will return false while DistributedFileSystem will throw
> {{org.apache.hadoop.security.AccessControlException: Permission denied: ...,
> access=EXECUTE, ...}}
> {quote}
> However, HDFS-5802 may expose information about a path that user doesn't have
> permission to see.
> For example, if the user asks for /a/b/c, but does not have permission to
> list /a, we should not complain about /a/b
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-10276) HDFS should not expose path info that user has no permission to see.
[
https://issues.apache.org/jira/browse/HDFS-10276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HDFS-10276:
-
Resolution: Fixed
Hadoop Flags: Reviewed
Fix Version/s: 2.8.0
Status: Resolved (was: Patch Available)
Committed to trunk, branch-2, branch-2.8.
Thanks [~yuanbo] for the contribution and other folks for the review and
discussion.
> HDFS should not expose path info that user has no permission to see.
>
>
> Key: HDFS-10276
> URL: https://issues.apache.org/jira/browse/HDFS-10276
> Project: Hadoop HDFS
> Issue Type: Bug
>Reporter: Kevin Cox
>Assignee: Yuanbo Liu
> Fix For: 2.8.0
>
> Attachments: HDFS-10276.001.patch, HDFS-10276.002.patch,
> HDFS-10276.003.patch, HDFS-10276.004.patch, HDFS-10276.005.patch,
> HDFS-10276.006.patch
>
>
> This following issue is remedied by HDFS-5802.
> {quote}
> Given you have a file {{/file}} an existence check for the path
> {{/file/whatever}} will give different responses for different
> implementations of FileSystem.
> LocalFileSystem will return false while DistributedFileSystem will throw
> {{org.apache.hadoop.security.AccessControlException: Permission denied: ...,
> access=EXECUTE, ...}}
> {quote}
> However, HDFS-5802 may expose information about a path that user doesn't have
> permission to see.
> For example, if the user asks for /a/b/c, but does not have permission to
> list /a, we should not complain about /a/b
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-10276) HDFS should not expose path info that user has no permission to see.
[
https://issues.apache.org/jira/browse/HDFS-10276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HDFS-10276:
-
Description:
This following issue is remedied by HDFS-5802.
{quote}
Given you have a file {{/file}} an existence check for the path
{{/file/whatever}} will give different responses for different implementations
of FileSystem.
LocalFileSystem will return false while DistributedFileSystem will throw
{{org.apache.hadoop.security.AccessControlException: Permission denied: ...,
access=EXECUTE, ...}}
{quote}
However, HDFS-5802 may expose information about a path that user doesn't have
permission to see.
For example, if the user asks for /a/b/c, but does not have permission to list
/a, we should not complain about /a/b
was:
Given you have a file {{/file}} an existence check for the path
{{/file/whatever}} will give different responses for different implementations
of FileSystem.
LocalFileSystem will return false while DistributedFileSystem will throw
{{org.apache.hadoop.security.AccessControlException: Permission denied: ...,
access=EXECUTE, ...}}
This above issue is fixed by HDFS-5802. However, HDFS-5802 may expose
information about a path that user doesn't have permission to see.
For example, if the user asks for /a/b/c, but does not have permission to list
/a, we should not complain about /a/b
> HDFS should not expose path info that user has no permission to see.
>
>
> Key: HDFS-10276
> URL: https://issues.apache.org/jira/browse/HDFS-10276
> Project: Hadoop HDFS
> Issue Type: Bug
>Reporter: Kevin Cox
>Assignee: Yuanbo Liu
> Attachments: HDFS-10276.001.patch, HDFS-10276.002.patch,
> HDFS-10276.003.patch, HDFS-10276.004.patch, HDFS-10276.005.patch,
> HDFS-10276.006.patch
>
>
> This following issue is remedied by HDFS-5802.
> {quote}
> Given you have a file {{/file}} an existence check for the path
> {{/file/whatever}} will give different responses for different
> implementations of FileSystem.
> LocalFileSystem will return false while DistributedFileSystem will throw
> {{org.apache.hadoop.security.AccessControlException: Permission denied: ...,
> access=EXECUTE, ...}}
> {quote}
> However, HDFS-5802 may expose information about a path that user doesn't have
> permission to see.
> For example, if the user asks for /a/b/c, but does not have permission to
> list /a, we should not complain about /a/b
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-10276) HDFS should not expose path info that user has no permission to see.
[
https://issues.apache.org/jira/browse/HDFS-10276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HDFS-10276:
-
Description:
Given you have a file {{/file}} an existence check for the path
{{/file/whatever}} will give different responses for different implementations
of FileSystem.
LocalFileSystem will return false while DistributedFileSystem will throw
{{org.apache.hadoop.security.AccessControlException: Permission denied: ...,
access=EXECUTE, ...}}
This above issue is fixed by HDFS-5802. However, HDFS-5802 may expose
information about a path that user doesn't have permission to see.
For example, if the user asks for /a/b/c, but does not have permission to list
/a, we should not complain about /a/b
was:
Given you have a file {{/file}} an existence check for the path
{{/file/whatever}} will give different responses for different implementations
of FileSystem.
LocalFileSystem will return false while DistributedFileSystem will throw
{{org.apache.hadoop.security.AccessControlException: Permission denied: ...,
access=EXECUTE, ...}}
This above issue is fixed by HDFS-5802. However, HDFS-5802 may expose
information about a path that a user doesn't have permission to see.
For example, if the user asks for /a/b/c, but does not have permission to list
/a, we should not complain about /a/b
> HDFS should not expose path info that user has no permission to see.
>
>
> Key: HDFS-10276
> URL: https://issues.apache.org/jira/browse/HDFS-10276
> Project: Hadoop HDFS
> Issue Type: Bug
>Reporter: Kevin Cox
>Assignee: Yuanbo Liu
> Attachments: HDFS-10276.001.patch, HDFS-10276.002.patch,
> HDFS-10276.003.patch, HDFS-10276.004.patch, HDFS-10276.005.patch,
> HDFS-10276.006.patch
>
>
> Given you have a file {{/file}} an existence check for the path
> {{/file/whatever}} will give different responses for different
> implementations of FileSystem.
> LocalFileSystem will return false while DistributedFileSystem will throw
> {{org.apache.hadoop.security.AccessControlException: Permission denied: ...,
> access=EXECUTE, ...}}
> This above issue is fixed by HDFS-5802. However, HDFS-5802 may expose
> information about a path that user doesn't have permission to see.
> For example, if the user asks for /a/b/c, but does not have permission to
> list /a, we should not complain about /a/b
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-10276) HDFS should not expose path info that user has no permission to see.
[
https://issues.apache.org/jira/browse/HDFS-10276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yongjun Zhang updated HDFS-10276:
-
Summary: HDFS should not expose path info that user has no permission to
see. (was: HDFS should not expose path info unaccessible to user when checking
whether parent is a file)
> HDFS should not expose path info that user has no permission to see.
>
>
> Key: HDFS-10276
> URL: https://issues.apache.org/jira/browse/HDFS-10276
> Project: Hadoop HDFS
> Issue Type: Bug
>Reporter: Kevin Cox
>Assignee: Yuanbo Liu
> Attachments: HDFS-10276.001.patch, HDFS-10276.002.patch,
> HDFS-10276.003.patch, HDFS-10276.004.patch, HDFS-10276.005.patch,
> HDFS-10276.006.patch
>
>
> Given you have a file {{/file}} an existence check for the path
> {{/file/whatever}} will give different responses for different
> implementations of FileSystem.
> LocalFileSystem will return false while DistributedFileSystem will throw
> {{org.apache.hadoop.security.AccessControlException: Permission denied: ...,
> access=EXECUTE, ...}}
> This above issue is fixed by HDFS-5802. However, HDFS-5802 may expose
> information about a path that a user doesn't have permission to see.
> For example, if the user asks for /a/b/c, but does not have permission to
> list /a, we should not complain about /a/b
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
