-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/20813/#review41676
-----------------------------------------------------------

Ship it!



- Vamsee Yarlagadda


On April 28, 2014, 10:54 p.m., Gregory Chanan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/20813/
> -----------------------------------------------------------
> 
> (Updated April 28, 2014, 10:54 p.m.)
> 
> 
> Review request for sentry and Vamsee Yarlagadda.
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> NOTE: this requires SENTRY-159 and SENTRY-186.
> 
> We use "defaults" rather than "invariants" for our update index authorization 
> checks. It's possible, if another updateRequestProcessorChain is defined in 
> the solrconfig.xml, that a user could override the default processor chain in 
> order to bypass the update index authorization checks. There aren't any other 
> updateRequestProcessorChains defined in our generated 
> solrconfig.xml/solrconfig.xml.secure, so this shouldn't be a common issue.
> 
> This adds a test that demonstrates the vulnerability and changes the 
> solrconfigs to use invariants.  You'll notice the test fails if you don't 
> apply the invariants changes.
> 
> 
> Diffs
> -----
> 
>   sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/AbstractSolrSentryTestBase.java bc36967 
>   sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestDocLevelOperations.java PRE-CREATION 
>   sentry-tests/sentry-tests-solr/src/test/java/org/apache/sentry/tests/e2e/solr/TestUpdateOperations.java d4855da 
>   sentry-tests/sentry-tests-solr/src/test/resources/solr/collection1/conf/solrconfig-doclevel.xml PRE-CREATION 
>   sentry-tests/sentry-tests-solr/src/test/resources/solr/collection1/conf/solrconfig.xml 4276cda 
>   sentry-tests/sentry-tests-solr/src/test/resources/solr/sentry/test-authz-provider.ini 3e02699 
> 
> Diff: https://reviews.apache.org/r/20813/diff/
> 
> 
> Testing
> -------
> 
> Ran the solr e2e tests.
> 
> 
> Thanks,
> 
> Gregory Chanan
> 
>
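
A check for the misconfiguration the review request describes, as an added example that is not part of the original message or the Sentry code base: it parses a solrconfig.xml and reports update handlers whose update.chain is not pinned under "invariants". The sample config, the chain names and the class-name filter for update handlers are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed sample config; chain and handler names are assumptions.
SAMPLE_SOLRCONFIG = """
<config>
  <updateRequestProcessorChain name="authz-chain"/>
  <updateRequestProcessorChain name="other-chain"/>
  <requestHandler name="/update" class="solr.UpdateRequestHandler">
    <lst name="defaults"><str name="update.chain">authz-chain</str></lst>
  </requestHandler>
  <requestHandler name="/update/json" class="solr.UpdateRequestHandler">
    <lst name="invariants"><str name="update.chain">authz-chain</str></lst>
  </requestHandler>
</config>
"""

def chain_param(handler, section):
    """Return update.chain from <lst name=section> of a handler, or None."""
    for lst in handler.findall("lst"):
        if lst.get("name") != section:
            continue
        for param in lst.findall("str"):
            if param.get("name") == "update.chain":
                return (param.text or "").strip()
    return None

def audit(xml_text, required_chain):
    """Report update handlers whose chain a request parameter could replace."""
    root = ET.fromstring(xml_text)
    chains = [c.get("name") for c in root.iter("updateRequestProcessorChain")]
    others = [name for name in chains if name != required_chain]
    findings = []
    for handler in root.iter("requestHandler"):
        # Assumption: update handlers are recognised by their class name.
        if "UpdateRequestHandler" not in (handler.get("class") or ""):
            continue
        if chain_param(handler, "invariants") == required_chain:
            continue  # pinned: request parameters cannot change it
        if chain_param(handler, "defaults") == required_chain:
            reason = "chain set only in defaults"
        else:
            reason = "required chain not configured"
        findings.append((handler.get("name"), reason, others))
    return findings

if __name__ == "__main__":
    for name, reason, others in audit(SAMPLE_SOLRCONFIG, "authz-chain"):
        print(f"{name}: {reason}; other chains defined: {others}")
```

An empty result means every update handler found has the required chain under "invariants"; a non-empty list of other chains on a finding shows what a request could select instead.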
