Peter Toth created SPARK-57889:
----------------------------------
Summary: Authorize StreamRequest consistently with
ChunkFetchRequest in the transport layer
Key: SPARK-57889
URL: https://issues.apache.org/jira/browse/SPARK-57889
Project: Spark
Issue Type: Bug
Components: Spark Core
Affects Versions: 5.0.0
Reporter: Peter Toth
The transport layer serves both ChunkFetchRequest and StreamRequest from the
same StreamManager. ChunkFetchRequestHandler calls
streamManager.checkAuthorization to enforce per-application ownership (clientId
== appId), but TransportRequestHandler.processStreamRequest calls openStream
directly with no such check. Because OneForOneStreamManager.openStream
addresses the same registered streams by their string id
("streamId_chunkIndex"), a StreamRequest can read a stream that the
ChunkFetchRequest path would have authorized.
Fix: call streamManager.checkAuthorization in processStreamRequest before
openStream, mirroring ChunkFetchRequestHandler. Add a
checkAuthorization(TransportClient, String) overload to StreamManager (no-op
default), overridden in OneForOneStreamManager to parse the string id and
delegate to the existing checkAuthorization(TransportClient, long). Like the
existing ChunkFetchRequest check, this enforces only for authenticated clients
(non-null client id); behavior is unchanged when authentication is disabled.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]