[
https://issues.apache.org/jira/browse/RANGER-1707?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16203795#comment-16203795
]
Zsombor Gegesy commented on RANGER-1707:
----------------------------------------
Running the tests with 3.0.0-beta1 show the same, changed behaviour, which is
fixed by this patch. However, there will be other problems preventing a
flawless upgrade to 3.0.
I've noticed that this needs hbase 2.0, which has breaking changes for Ranger,
and the KMS part is too in a bad shape.
> Traverse check in RangerHdfsAuthorizer works incorrectly
> --------------------------------------------------------
>
> Key: RANGER-1707
> URL: https://issues.apache.org/jira/browse/RANGER-1707
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Affects Versions: 1.0.0
> Reporter: Zsombor Gegesy
> Assignee: Zsombor Gegesy
> Labels: hdfs-2.8
> Fix For: 1.0.0
>
> Attachments:
> 0001-RANGER-1707-Fix-hdfs-traverse-check-which-problem-wa.patch
>
>
> Traversal check in RangerHdfsAuthorizer works incorrectly, when it is asked
> for access to /a/b/c.txt, it only checks that if there are a policy which
> grants EXEC to /a/b, but if it there aren't any, then it doesn't check, if
> there is a policy which grants READ, WRITE or EXEC to /a/b/c.txt explicitly,
> which would mean, that the path is accessible to the user.
> This hasn't noticed by the current unit tests, because HDFS before 2.8.0
> doesn't called the traversal check before reading or writing a file, however
> it will cause problem with 2.8.0, where FSDirectory.resolvePath will perform
> a mandatory traversal check.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
