collado-mike commented on PR #1424: URL: https://github.com/apache/polaris/pull/1424#issuecomment-2837368930
> To make this concrete, let me state an example:
>
> A malicious user has access to credentials for an IAM session that has the following policies: [allow on "s3://a/b/c/d/" with actions "s3:GetObject", allow on "*" with actions "kms:Decrypt"].
> This malicious user also has access to a different set of credentials for an IAM session that has the policy: [allow on "s3://*"]. Say that all objects in S3 are encrypted with SSE-KMS with KMS key k1.

Now do the same example with _client-side_ encryption with KMS-managed keys and tell me how the IAM policy prevents the user from decrypting keys for _any_ object in S3. Or how the policy prevents the user from decrypting keys for anything that's not in S3. There's nothing in that policy that prevents the user from using the keys outside of the context of S3-SSE.
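The two sessions from the quoted example, run through a toy allow-only policy evaluator to show the difference the comment is pointing at. This is an added illustration, not code from the Polaris project or the PR; it assumes the "s3://a/b/c/d/" grant means the prefix "s3://a/b/c/d/*", that "allow on s3://*" carries the actions "s3:*", and it uses the constructed key names k1 and k2 (k2 is a key the quoted example never mentions).

```python
import fnmatch
from dataclasses import dataclass


@dataclass(frozen=True)
class Statement:
    actions: tuple      # e.g. ("s3:GetObject",)
    resources: tuple    # e.g. ("s3://a/b/c/d/*",)


def _match(patterns, value):
    # IAM-style wildcard match; '*' spans '/' as well.
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def is_allowed(policy, action, resource):
    """Allow-only evaluation (no explicit Deny, no condition keys):
    the request is allowed iff some statement matches both action and resource."""
    return any(_match(s.actions, action) and _match(s.resources, resource)
               for s in policy)


# Constructed from the quoted example (assumption: prefix match and s3:* actions).
SESSION_NARROW = (
    Statement(("s3:GetObject",), ("s3://a/b/c/d/*",)),
    Statement(("kms:Decrypt",), ("*",)),
)
SESSION_BROAD = (
    Statement(("s3:*",), ("s3://*",)),
)

K1 = "kms:key/k1"          # the key from the example
K2 = "kms:key/k2"          # constructed: some key unrelated to the bucket


def sse_kms_read(policy, obj, key):
    """Server-side (SSE-KMS): S3 authorises GetObject on the object, then
    KMS authorises Decrypt on the key for the same caller. Both must pass,
    so the object grant scopes which data the kms:Decrypt grant is used for."""
    return is_allowed(policy, "s3:GetObject", obj) and is_allowed(policy, "kms:Decrypt", key)


def client_side_decrypt(policy, key):
    """Client-side encryption: the caller sends ciphertext to KMS directly.
    S3 is not in the path, so the object grant never enters the decision;
    only the kms:Decrypt grant is evaluated, for whatever ciphertext is sent."""
    return is_allowed(policy, "kms:Decrypt", key)
```

The toy evaluator has no condition-key support; in real IAM, the `kms:ViaService` and `kms:EncryptionContext:*` condition keys are the mechanism for tying a `kms:Decrypt` grant back to S3 use of a particular key rather than any caller-supplied ciphertext.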