[
https://issues.apache.org/jira/browse/SLIDER-931?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14730912#comment-14730912
]
ASF subversion and git services commented on SLIDER-931:
--------------------------------------------------------
Commit 72932530f764087b549b6d052ac45d51e24d1893 in incubator-slider's branch
refs/heads/develop from [[email protected]]
[ https://git-wip-us.apache.org/repos/asf?p=incubator-slider.git;h=7293253 ]
[SLIDER-931] Security permissions on set up ZK path are too lax
> Security permissions on set up ZK path are too lax
> --------------------------------------------------
>
> Key: SLIDER-931
> URL: https://issues.apache.org/jira/browse/SLIDER-931
> Project: Slider
> Issue Type: Bug
> Components: client
> Affects Versions: Slider 0.80
> Reporter: Steve Loughran
> Assignee: Steve Loughran
> Fix For: Slider 0.81
>
> Original Estimate: 0.5h
> Remaining Estimate: 0.5h
>
> Slider creates a unique ZK path for each app launch, deleting it on teardown
> HBase security tests are throwing up that the path is being created world
> writeable, rather than world-read. Being world write means its possible for
> malicious code to replace the path with a different one.
> This is only a risk on a secure cluster; ZK's security model on insecure
> clusters is only a hint that can be bypassed
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
