[ https://issues.apache.org/jira/browse/HDDS-11656?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Wei-Chiu Chuang updated HDDS-11656:
-----------------------------------
Description:
Related to HDDS-11655.
We found a cluster where files are created with hundreds of ACLs.
Here's the culprit:
https://github.com/apache/ozone/blob/master/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java#L66
When creating a file, the Ozone client supplies the ACL by composing the current
user's groups. The problem is, if Ranger is enabled, these ACLs do not take
effect, but they get saved into KeyInfo regardless.
Potential problems and proposed solutions.
(1) OM does not limit the number of ACLs. That could potentially lead to some
kind of DDoS attack. We should update
OMKeyCreateRequest(WithFSO)/OMFileCreateRequest(WithFSO), OMKeyAclRequest and
its subclasses to add guardrails.
(2) If Ranger is enabled, prune the ACLs provided by the client from KeyInfo in
OMKeyCreateRequest(WithFSO)/OMFileCreateRequest(WithFSO).
was:
Related to HDDS-11655.
We found a cluster where files are created with hundreds of ACLs.
Here's the culprit:
https://github.com/apache/ozone/blob/master/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java#L66
When creating a file, the Ozone client supplies the ACL by composing the current
user's groups. The problem is, if Ranger is enabled, these ACLs do not take
effect.
Potential problems and proposed solutions.
(1) OM does not limit the number of ACLs. That could potentially lead to some
kind of DDoS attack. We should update
OMKeyCreateRequest(WithFSO)/OMFileCreateRequest(WithFSO), OMKeyAclRequest and
its subclasses to add guardrails.
(2) If Ranger is enabled, prune the ACLs provided by the client from KeyInfo in
OMKeyCreateRequest(WithFSO)/OMFileCreateRequest(WithFSO).
> KeyInfo has hundreds of ACLs
> ----------------------------
>
> Key: HDDS-11656
> URL: https://issues.apache.org/jira/browse/HDDS-11656
> Project: Apache Ozone
> Issue Type: Bug
> Reporter: Wei-Chiu Chuang
> Priority: Major
>
> Related to HDDS-11655.
> We found a cluster where files are created with hundreds of ACLs.
> Here's the culprit:
> https://github.com/apache/ozone/blob/master/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java#L66
> When creating a file, the Ozone client supplies the ACL by composing the current
> user's groups. The problem is, if Ranger is enabled, these ACLs do not take
> effect, but they get saved into KeyInfo regardless.
> Potential problems and proposed solutions.
> (1) OM does not limit the number of ACLs. That could potentially lead to some
> kind of DDoS attack. We should update
> OMKeyCreateRequest(WithFSO)/OMFileCreateRequest(WithFSO), OMKeyAclRequest and
> its subclasses to add guardrails.
> (2) If Ranger is enabled, prune the ACLs provided by the client from KeyInfo
> in OMKeyCreateRequest(WithFSO)/OMFileCreateRequest(WithFSO).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
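The two guardrails proposed in the description, sketched as an added, self-contained Java example. This is not Ozone code and not the reporter's patch: the `Acl` record stands in for `OzoneAcl`, `AclLimitExceededException` stands in for the `OMException` the request handlers would raise, and `DEFAULT_MAX_ACLS_PER_KEY` is a hypothetical cap (the page names no config key for it). The input is a constructed client ACL list with a few hundred group entries, matching the cluster in the report.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/**
 * Added example for HDDS-11656, not Ozone code. Shows (1) capping the number of
 * ACLs an OM create/setAcl request may persist into KeyInfo and (2) dropping
 * client-supplied ACLs when Ranger is the authorizer, since they are never
 * consulted for authorization in that mode.
 */
public final class AclGuardrailExample {

  /** Hypothetical cap; Ozone exposes no such key on this page. */
  static final int DEFAULT_MAX_ACLS_PER_KEY = 32;

  /** Minimal stand-in for org.apache.hadoop.ozone.OzoneAcl. */
  record Acl(String type, String name, String rights) { }

  /** Stand-in for the OMException a request handler would throw. */
  static final class AclLimitExceededException extends Exception {
    AclLimitExceededException(String msg) { super(msg); }
  }

  /**
   * Guardrail (1): reject the request if its ACL list exceeds the cap, before
   * anything is written to KeyInfo. The check is on the request path, so an
   * oversized list costs the OM a size comparison rather than RocksDB space.
   */
  static List<Acl> enforceAclLimit(List<Acl> requested, int maxAcls)
      throws AclLimitExceededException {
    if (requested.size() > maxAcls) {
      throw new AclLimitExceededException("Request carries "
          + requested.size() + " ACLs, limit is " + maxAcls);
    }
    return requested;
  }

  /**
   * Guardrail (2): with Ranger enabled the native ACLs have no effect, so
   * persist none of the client-supplied entries instead of all of them.
   */
  static List<Acl> pruneIfRangerEnabled(List<Acl> requested,
      boolean rangerEnabled) {
    return rangerEnabled ? Collections.emptyList() : requested;
  }

  /** Combined path a create/file-create request handler would call. */
  static List<Acl> aclsToPersist(List<Acl> requested, boolean rangerEnabled,
      int maxAcls) throws AclLimitExceededException {
    List<Acl> pruned = pruneIfRangerEnabled(requested, rangerEnabled);
    return enforceAclLimit(pruned, maxAcls);
  }

  public static void main(String[] args) throws Exception {
    // Constructed input: one user ACL plus 300 group ACLs, as a client in
    // many groups would compose them.
    List<Acl> fromClient = new ArrayList<>();
    fromClient.add(new Acl("USER", "alice", "rw"));
    for (int i = 0; i < 300; i++) {
      fromClient.add(new Acl("GROUP", "group" + i, "r"));
    }

    // Ranger enabled: nothing is persisted, KeyInfo stays small.
    int persisted = aclsToPersist(fromClient, true,
        DEFAULT_MAX_ACLS_PER_KEY).size();
    System.out.println("ranger on  -> persisted " + persisted + " ACLs");

    // Native ACLs: the oversized request is rejected at the OM.
    try {
      aclsToPersist(fromClient, false, DEFAULT_MAX_ACLS_PER_KEY);
    } catch (AclLimitExceededException e) {
      System.out.println("ranger off -> rejected: " + e.getMessage());
    }
  }
}
```

Pruning runs before the cap check so that a Ranger-enabled cluster never rejects a create because of ACLs it would discard anyway; in a cluster using native ACLs the cap is what stops a single request from inflating KeyInfo.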