github-actions[bot] commented on code in PR #65551:
URL: https://github.com/apache/doris/pull/65551#discussion_r3584588648
##########
fe/fe-core/src/main/java/org/apache/doris/httpv2/meta/MetaService.java:
##########
@@ -245,9 +296,7 @@ public Object check(HttpServletRequest request,
HttpServletResponse response) th
@RequestMapping(value = "/dump", method = RequestMethod.GET)
public Object dump(HttpServletRequest request, HttpServletResponse
response) throws DdlException {
- if (Config.enable_all_http_auth) {
- executeCheckPassword(request, response);
- }
+ executeCheckPassword(request, response);
Review Comment:
`executeCheckPassword()` only proves the caller has valid credentials; it
does not enforce any privilege. Since `/dump` is excluded from
`AuthInterceptor`, this lets any Basic-authenticated user call
`Env.dumpImage()`, which takes the catalog/db/table locks, writes a full
metadata image, and returns its server-side path. This should be ADMIN-gated
like the other metadata/debug operations: capture the returned
`ActionAuthorizationInfo` and call `checkGlobalAuth(authInfo.userIdentity,
PrivPredicate.ADMIN)` before dumping, with a negative test for an authenticated
non-admin user.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]