Csaba Ringhofer created IMPALA-11019:
----------------------------------------
Summary: Errors in column mask processing can leak information
about column
Key: IMPALA-11019
URL: https://issues.apache.org/jira/browse/IMPALA-11019
Project: IMPALA
Issue Type: New Feature
Components: Frontend
Reporter: Csaba Ringhofer
The following error exception can reveal the existance of a column with column
mask even if the user does not have any privilege on the mask:
https://github.com/apache/impala/blob/b692a92fa2a2277a185fb5823592609b4603c0d8/fe/src/main/java/org/apache/impala/authorization/TableMask.java#L95
This leads to not registering the privilege request and also not adding
anything to the audit log.
I don't consider this to be a serious security threat, as not having privilege
on a column BUT having a column mask on it seems unrealistic to me. I still
think that we should fix this for our behavior by hiding the error or
registering a privilege request.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
