[ https://issues.apache.org/jira/browse/HBASE-15132?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ted Yu updated HBASE-15132: --------------------------- Attachment: HBASE-15132.v7.patch Patch v7 wraps call to master.cpHost.postDispatchMerge() in doAs() > Master region merge RPC should authorize user request > ----------------------------------------------------- > > Key: HBASE-15132 > URL: https://issues.apache.org/jira/browse/HBASE-15132 > Project: HBase > Issue Type: Bug > Reporter: Ted Yu > Assignee: Ted Yu > Attachments: HBASE-15132-branch-1.v6.patch, HBASE-15132.v1.patch, > HBASE-15132.v2.patch, HBASE-15132.v4.patch, HBASE-15132.v5.patch, > HBASE-15132.v6.patch, HBASE-15132.v7.patch > > > The normal flow for region merge is: > 1. client sends a master RPC for dispatch merge regions > 2. master moves the regions to the same regionserver > 3. master calls mergeRegions RPC on the regionserver. > For user initiated region merge, MasterRpcServices#dispatchMergingRegions() > is called by HBaseAdmin. > There is no coprocessor invocation in step 1. > Step 3 is carried out in the "hbase" user context. > This leaves potential security hole - any user without proper authorization > can merge regions of any table. > Thanks to Enis who spotted this flaw first. -- This message was sent by Atlassian JIRA (v6.3.4#6332)