[
https://issues.apache.org/jira/browse/SENTRY-1034?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexander Kolbasov updated SENTRY-1034:
---------------------------------------
Description:
A possible info leak in the way beeline connects to databases and uses the
ACLs to prevent seeing unauthorised databases and tables.
It turns out that one can connect to a database that one should not see, but
listing it afterwards gives no tables. This is still somewhat of a security breach,
as an attacker can gain insight into what databases exist.
The way the problem got identified:
root@prod-vm-cdh-mgr-01 ~]# kinit -kt ~test_mval.keytab test_mval
[root@prod-vm-cdh-mgr-01 ~]# beeline
Beeline version 1.1.0-cdh5.4.8 by Apache Hive
beeline> !connect jdbc:hive2://host:10000/testdb;principal=hive/_HOST@ABCD
scan complete in 6ms
Connecting to jdbc:hive2://host:10000/testdb;principal=hive/_HOST@ABCD
Enter username for jdbc:hive2://host:10000/testdb;principal=hive/_HOST@ABCD:
Enter password for jdbc:hive2://host:10000/testdb;principal=hive/_HOST@ABCD:
Connected to: Apache Hive (version 1.1.0-cdh5.4.8)
Driver: Hive JDBC (version 1.1.0-cdh5.4.8)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://host:10000/testdb> show databases;
-----------------+
database_name
-----------------+
test_mvaldb
default
-----------------+
2 rows selected (0.726 seconds)
0: jdbc:hive2://host:10000/testdb> show tables;
-----------+
tab_name
-----------+
-----------+
No rows selected (1.033 seconds)
0: jdbc:hive2://host:10000/testdb> !quit
Closing: 0: jdbc:hive2://host:10000/testdb;principal=hive/_HOST@ABCD
[root@foo ~]# beeline
Beeline version 1.1.0-cdh5.4.8 by Apache Hive
beeline> !connect
jdbc:hive2://host:10000/asdasdasdasd;principal=hive/_HOST@ABCD
scan complete in 2ms
Connecting to jdbc:hive2://host:10000/asdasdasdasd;principal=hive/_HOST@ABCD
Enter username for
jdbc:hive2://host:10000/asdasdasdasd;principal=hive/_HOST@ABCD:
Enter password for
jdbc:hive2://host:10000/asdasdasdasd;principal=hive/_HOST@ABCD:
Connected to: Apache Hive (version 1.1.0-cdh5.4.8)
Driver: Hive JDBC (version 1.1.0-cdh5.4.8)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://host:10000/asdas> show tables;
Error: Error while processing statement: FAILED: Execution Error, return code
1 from org.apache.hadoop.hive.ql.exec.DDLTask. Database does not exist:
asdasdasdasd (state=08S01,code=1)
0: jdbc:hive2://host:10000/asdas> !connect
jdbc:hive2://host:10000/testdb;principal=hive/_HOST@ABCD
Connecting to jdbc:hive2://vm-cdh-01:10000/testdb;principal=hive/_HOST@ABCD
Enter username for jdbc:hive2://host:10000/testdb;principal=hive/_HOST@ABCD:
Enter password for jdbc:hive2://host:10000/testdb;principal=hive/_HOST@ABCD:
Connected to: Apache Hive (version 1.1.0-cdh5.4.8)
Driver: Hive JDBC (version 1.1.0-cdh5.4.8)
Transaction isolation: TRANSACTION_REPEATABLE_READ
1: jdbc:hive2://host:10000/testdb> show tables;
-----------+
tab_name
-----------+
-----------+
No rows selected (1.09 seconds)
1: jdbc:hive2://host:10000/testdb>
1: jdbc:hive2://host:10000/testdb>
1: jdbc:hive2://host:10000/testdb>
1: jdbc:hive2://host:10000/testdb>
1: jdbc:hive2://host:10000/testdb>
1: jdbc:hive2://host:10000/testdb> !quit;
Unknown command: quit;
1: jdbc:hive2://host:10000/testdb> !quit;
Unknown command: quit;
1: jdbc:hive2://host:10000/testdb> !quit
was:
A possible info leak in the way beeline connects to databases and uses the
ACLs to prevent seeing unauthorised databases and tables.
It turns out that one can connect to a database that one should not see, but
listing it afterwards gives no tables. This is still somewhat of a security breach,
as an attacker can gain insight into what databases exist.
The way the problem got identified:
root@prod-vm-cdh-mgr-01 ~]# kinit -kt ~test_mval.keytab test_mval
[root@prod-vm-cdh-mgr-01 ~]# beeline
Beeline version 1.1.0-cdh5.4.8 by Apache Hive
beeline> !connect
jdbc:hive2://vm-cdh-01:10000/testdb;principal=hive/_HOST@MITKDC
scan complete in 6ms
Connecting to jdbc:hive2://vm-cdh-01:10000/testdb;principal=hive/_HOST@MITKDC
Enter username for
jdbc:hive2://vm-cdh-01:10000/testdb;principal=hive/_HOST@MITKDC:
Enter password for
jdbc:hive2://vm-cdh-01:10000/testdb;principal=hive/_HOST@MITKDC:
Connected to: Apache Hive (version 1.1.0-cdh5.4.8)
Driver: Hive JDBC (version 1.1.0-cdh5.4.8)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://vm-cdh-01:10000/testdb> show databases;
-----------------+
database_name
-----------------+
test_mvaldb
default
-----------------+
2 rows selected (0.726 seconds)
0: jdbc:hive2://vm-cdh-01:10000/testdb> show tables;
-----------+
tab_name
-----------+
-----------+
No rows selected (1.033 seconds)
0: jdbc:hive2://vm-cdh-01:10000/testdb> !quit
Closing: 0: jdbc:hive2://vm-cdh-01:10000/testdb;principal=hive/_HOST@MITKDC
[root@prod-vm-cdh-mgr-01 ~]# beeline
Beeline version 1.1.0-cdh5.4.8 by Apache Hive
beeline> !connect
jdbc:hive2://vm-cdh-01:10000/asdasdasdasd;principal=hive/_HOST@MITKDC
scan complete in 2ms
Connecting to
jdbc:hive2://vm-cdh-01:10000/asdasdasdasd;principal=hive/_HOST@MITKDC
Enter username for
jdbc:hive2://vm-cdh-01:10000/asdasdasdasd;principal=hive/_HOST@MITKDC:
Enter password for
jdbc:hive2://vm-cdh-01:10000/asdasdasdasd;principal=hive/_HOST@MITKDC:
Connected to: Apache Hive (version 1.1.0-cdh5.4.8)
Driver: Hive JDBC (version 1.1.0-cdh5.4.8)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://vm-cdh-01:10000/asdas> show tables;
Error: Error while processing statement: FAILED: Execution Error, return code 1
from org.apache.hadoop.hive.ql.exec.DDLTask. Database does not exist:
asdasdasdasd (state=08S01,code=1)
0: jdbc:hive2://vm-cdh-01:10000/asdas> !connect
jdbc:hive2://vm-cdh-01:10000/testdb;principal=hive/_HOST@MITKDC
Connecting to jdbc:hive2://vm-cdh-01:10000/testdb;principal=hive/_HOST@MITKDC
Enter username for
jdbc:hive2://vm-cdh-01:10000/testdb;principal=hive/_HOST@MITKDC:
Enter password for
jdbc:hive2://vm-cdh-01:10000/testdb;principal=hive/_HOST@MITKDC:
Connected to: Apache Hive (version 1.1.0-cdh5.4.8)
Driver: Hive JDBC (version 1.1.0-cdh5.4.8)
Transaction isolation: TRANSACTION_REPEATABLE_READ
1: jdbc:hive2://vm-cdh-01:10000/testdb> show tables;
-----------+
tab_name
-----------+
-----------+
No rows selected (1.09 seconds)
1: jdbc:hive2://vm-cdh-01:10000/testdb>
1: jdbc:hive2://vm-cdh-01:10000/testdb>
1: jdbc:hive2://vm-cdh-01:10000/testdb>
1: jdbc:hive2://vm-cdh-01:10000/testdb>
1: jdbc:hive2://vm-cdh-01:10000/testdb>
1: jdbc:hive2://vm-cdh-01:10000/testdb> !quit;
Unknown command: quit;
1: jdbc:hive2://vm-cdh-01:10000/testdb> !quit;
Unknown command: quit;
1: jdbc:hive2://vm-cdh-01:10000/testdb> !quit
> Fix beeline connecting to db
> ----------------------------
>
> Key: SENTRY-1034
> URL: https://issues.apache.org/jira/browse/SENTRY-1034
> Project: Sentry
> Issue Type: Bug
> Components: Core
> Reporter: Istvan Vajnorak
> Priority: Major
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
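The behaviour the report describes, as an added example that is not part of the issue or of Sentry's or Hive's code: a user with no privilege on a database can still connect to it, while a nonexistent database is rejected, so the connect reply acts as an existence oracle even though SHOW TABLES is filtered. CATALOG, PRIVS and all function names are constructed for illustration; connect_hardened assumes the mitigation of checking privileges at connect time and answering exactly as for a missing database.

```python
# Added example modelling SENTRY-1034; not Sentry's or Hive's own code.
CATALOG = {                      # constructed: databases that exist on the server
    "default": [],
    "test_mvaldb": ["orders"],
    "hr_secret": ["payroll"],    # exists, but test_mval holds no privilege on it
}
PRIVS = {"test_mval": {"default", "test_mvaldb"}}  # constructed: user -> dbs with any privilege

NO_SUCH_DB = "Database does not exist: {}"


def connect_leaky(user, db):
    """Behaviour shown on the page: connecting only checks that the database
    exists; the privilege filter is applied later, when tables are listed."""
    if db not in CATALOG:
        return ("error", NO_SUCH_DB.format(db))
    return ("ok", "connected")


def connect_hardened(user, db):
    """Assumed mitigation: check the user's privileges at connect time and answer
    a database the user may not see exactly like a database that is not there."""
    if db not in CATALOG or db not in PRIVS.get(user, set()):
        return ("error", NO_SUCH_DB.format(db))
    return ("ok", "connected")


def show_tables(user, db):
    """Sentry-style filtering of SHOW TABLES: nothing comes back for a database
    the user holds no privilege on (the 'No rows selected' seen on the page)."""
    if db not in PRIVS.get(user, set()):
        return []
    return list(CATALOG[db])


def response_shape(connect, user, db):
    """Status plus message with the database name masked, so two replies are
    compared on what they reveal rather than on the name echoed back."""
    status, msg = connect(user, db)
    return status, msg.replace(db, "<db>")


def distinguishable(connect, user, hidden_db, bogus_db):
    """True when the connect reply differs between an existing-but-forbidden
    database and a bogus one, i.e. the reply leaks that hidden_db exists."""
    return response_shape(connect, user, hidden_db) != response_shape(connect, user, bogus_db)
```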