[
https://issues.apache.org/jira/browse/RANGER-1707?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16262719#comment-16262719
]
Velmurugan Periasamy commented on RANGER-1707:
----------------------------------------------
[[email protected]]/[~abhayk] - could you please review the latest patch?
> Traverse check in RangerHdfsAuthorizer works incorrectly
> --------------------------------------------------------
>
> Key: RANGER-1707
> URL: https://issues.apache.org/jira/browse/RANGER-1707
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Affects Versions: 1.0.0
> Reporter: Zsombor Gegesy
> Assignee: Zsombor Gegesy
> Labels: hdfs-2.8
> Fix For: 1.0.0
>
> Attachments:
> 0001-RANGER-1707-Fix-hdfs-traverse-check-which-problem-wa.patch,
> RANGER-1707-2.patch, RANGER-1707-3.patch
>
>
> Traversal check in RangerHdfsAuthorizer works incorrectly, when it is asked
> for access to /a/b/c.txt, it only checks that if there are a policy which
> grants EXEC to /a/b, but if it there aren't any, then it doesn't check, if
> there is a policy which grants READ, WRITE or EXEC to /a/b/c.txt explicitly,
> which would mean, that the path is accessible to the user.
> This hasn't noticed by the current unit tests, because HDFS before 2.8.0
> doesn't called the traversal check before reading or writing a file, however
> it will cause problem with 2.8.0, where FSDirectory.resolvePath will perform
> a mandatory traversal check.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
