[
https://issues.apache.org/jira/browse/COUCHDB-2325?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14128474#comment-14128474
]
Paul Joseph Davis commented on COUCHDB-2325:
--------------------------------------------
LGTM. Good call on passing sync in there to drop down to erlang:send. The only
thing that worried me for the change was the monitoring but reviewing that code
path shows its boils down to basically [node() | nodes()] plus a spawn_link.
+1
> fabric:get_security/2 can return security objects from nodes that are in
> maintenance mode
> -----------------------------------------------------------------------------------------
>
> Key: COUCHDB-2325
> URL: https://issues.apache.org/jira/browse/COUCHDB-2325
> Project: CouchDB
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: BigCouch
> Reporter: Mike Wallace
> Fix For: 2.0.0
>
>
> Currently, fabric:get_security/2 calls fabric_util:get_db/2 and if the node
> servicing a request does not have a shard for the db then
> fabric_util:get_db/2 can return a shard from a node which is in maintenance
> mode.
> If that node is a replacement node that has not yet been brought into the
> cluster then the security object will be empty. Because fabric:get_security/2
> is in the code path for authorizing requests at the HTTP layer this can
> result in live nodes returning 403s. I have verified that this issue exists
> even though cassim now handles authorization (cassim eventually makes the
> same call to fabric:get_security/2).
> The crux of the problem is that the algorithm used by fabric_util:get_db/2
> doesn't account for the possibility of nodes being in maintenance mode.
> See https://gist.github.com/mikewallace1979/8d01bb8661a50762bfc3 for the
> steps to reproduce locally.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
