[
https://issues.apache.org/jira/browse/RANGER-1707?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16193060#comment-16193060
]
Velmurugan Periasamy commented on RANGER-1707:
----------------------------------------------
[~zsombor] - It would be good to check RangerHdfsAuthorizer behavior with
Hadoop 3.0, which is being planned for next month.
https://cwiki.apache.org/confluence/display/HADOOP/Hadoop+3.0.0+release
[~kulkabhay]/[[email protected]]/[~rmani] - any other thoughts?
> Traverse check in RangerHdfsAuthorizer works incorrectly
> --------------------------------------------------------
>
> Key: RANGER-1707
> URL: https://issues.apache.org/jira/browse/RANGER-1707
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Affects Versions: 1.0.0
> Reporter: Zsombor Gegesy
> Assignee: Zsombor Gegesy
> Labels: hdfs-2.8
> Fix For: 1.0.0
>
> Attachments:
> 0001-RANGER-1707-Fix-hdfs-traverse-check-which-problem-wa.patch
>
>
> Traversal check in RangerHdfsAuthorizer works incorrectly, when it is asked
> for access to /a/b/c.txt, it only checks that if there are a policy which
> grants EXEC to /a/b, but if it there aren't any, then it doesn't check, if
> there is a policy which grants READ, WRITE or EXEC to /a/b/c.txt explicitly,
> which would mean, that the path is accessible to the user.
> This hasn't noticed by the current unit tests, because HDFS before 2.8.0
> doesn't called the traversal check before reading or writing a file, however
> it will cause problem with 2.8.0, where FSDirectory.resolvePath will perform
> a mandatory traversal check.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
