Steve Loughran created SLIDER-931:
-------------------------------------
Summary: Security permissions on set up ZK path are too lax
Key: SLIDER-931
URL: https://issues.apache.org/jira/browse/SLIDER-931
Project: Slider
Issue Type: Bug
Components: client
Affects Versions: Slider 0.80
Reporter: Steve Loughran
Assignee: Steve Loughran
Fix For: Slider 0.81
Slider creates a unique ZK path for each app launch, deleting it on teardown
HBase security tests are throwing up that the path is being created world
writeable, rather than world-read. Being world write means its possible for
malicious code to replace the path with a different one.
This is only a risk on a secure cluster; ZK's security model on insecure
clusters is only a hint that can be bypassed
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
