[
https://issues.apache.org/jira/browse/SLIDER-931?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Steve Loughran resolved SLIDER-931.
-----------------------------------
Resolution: Fixed
> Security permissions on set up ZK path are too lax
> --------------------------------------------------
>
> Key: SLIDER-931
> URL: https://issues.apache.org/jira/browse/SLIDER-931
> Project: Slider
> Issue Type: Bug
> Components: client
> Affects Versions: Slider 0.80
> Reporter: Steve Loughran
> Assignee: Steve Loughran
> Fix For: Slider 0.81
>
> Original Estimate: 0.5h
> Remaining Estimate: 0.5h
>
> Slider creates a unique ZK path for each app launch, deleting it on teardown
> HBase security tests are throwing up that the path is being created world
> writeable, rather than world-read. Being world write means its possible for
> malicious code to replace the path with a different one.
> This is only a risk on a secure cluster; ZK's security model on insecure
> clusters is only a hint that can be bypassed
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
