Zsombor Gegesy created RANGER-1707:
--------------------------------------
Summary: Traverse check in RangerHdfsAuthorizer works incorrectly
Key: RANGER-1707
URL: https://issues.apache.org/jira/browse/RANGER-1707
Project: Ranger
Issue Type: Bug
Components: plugins
Affects Versions: 1.0.0
Reporter: Zsombor Gegesy
Assignee: Zsombor Gegesy
Fix For: 1.0.0
Traversal check in RangerHdfsAuthorizer works incorrectly, when it is asked for
access to /a/b/c.txt, it only checks that if there are a policy which grants
EXEC to /a/b, but if it there aren't any, then it doesn't check, if there is a
policy which grants READ, WRITE or EXEC to /a/b/c.txt explicitly, which would
mean, that the path is accessible to the user.
This hasn't noticed by the current unit tests, because HDFS before 2.8.0
doesn't called the traversal check before reading or writing a file, however it
will cause problem with 2.8.0, where FSDirectory.resolvePath will perform a
mandatory traversal check.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
