[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2590?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Edward Ribeiro updated ZOOKEEPER-2590:
--------------------------------------
    Description: 
As hinted  
[here|https://github.com/apache/zookeeper/blob/master/src/java/main/org/apache/zookeeper/server/FinalRequestProcessor.java#L298],
 even if a parent znode path has restricted READ access it's possible to issue 
an exists() operation on any child znode of that given path.

 For example, the snippet below doesn't throw {{NoAuthExceptio}}, even tough it 
removes ACL rights to "/":

{code}
        zk.create("/a", null, Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
        ArrayList<ACL> acls = new ArrayList<>();
        acls.add(new ACL(0, Ids.ANYONE_ID_UNSAFE));

        zk.setACL("/", acls, -1);

        Stat r = zk.exists("/a", false);
{code}

Also, in the above example, what if the removed READ access for "/a"? Should we 
allow a call to exists("/a") to succeed even if it returns the znode metadata 
info?

  was:
As hinted  
[here|https://github.com/apache/zookeeper/blob/master/src/java/main/org/apache/zookeeper/server/FinalRequestProcessor.java#L298],
 even if a parent znode path has restricted READ access it's possible to issue 
an exists() operation on any child znode of that given path.

 For example, the snippet below doesn't throw {{NoAuthExceptio}}, even tough it 
removes ACL rights to "/":

{code}
        zk.create("/a", null, Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
        ArrayList<ACL> acls = new ArrayList<>();
        acls.add(new ACL(0, Ids.ANYONE_ID_UNSAFE));

        zk.setACL("/", acls, -1);

        Stat r = zk.exists("/a", false);
{code}


> setACL doesn't affect exists() operation
> ----------------------------------------
>
>                 Key: ZOOKEEPER-2590
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2590
>             Project: ZooKeeper
>          Issue Type: Bug
>            Reporter: Edward Ribeiro
>            Assignee: Edward Ribeiro
>              Labels: acl, security
>
> As hinted  
> [here|https://github.com/apache/zookeeper/blob/master/src/java/main/org/apache/zookeeper/server/FinalRequestProcessor.java#L298],
>  even if a parent znode path has restricted READ access it's possible to 
> issue an exists() operation on any child znode of that given path.
>  For example, the snippet below doesn't throw {{NoAuthExceptio}}, even tough 
> it removes ACL rights to "/":
> {code}
>         zk.create("/a", null, Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
>         ArrayList<ACL> acls = new ArrayList<>();
>         acls.add(new ACL(0, Ids.ANYONE_ID_UNSAFE));
>         zk.setACL("/", acls, -1);
>         Stat r = zk.exists("/a", false);
> {code}
> Also, in the above example, what if the removed READ access for "/a"? Should 
> we allow a call to exists("/a") to succeed even if it returns the znode 
> metadata info?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to