[
https://issues.apache.org/jira/browse/SPARK-57889?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated SPARK-57889:
-----------------------------------
Labels: pull-request-available (was: )
> Authorize StreamRequest consistently with ChunkFetchRequest in the transport
> layer
> ----------------------------------------------------------------------------------
>
> Key: SPARK-57889
> URL: https://issues.apache.org/jira/browse/SPARK-57889
> Project: Spark
> Issue Type: Bug
> Components: Spark Core
> Affects Versions: 5.0.0
> Reporter: Peter Toth
> Priority: Major
> Labels: pull-request-available
>
> The transport layer serves both ChunkFetchRequest and StreamRequest from the
> same StreamManager. ChunkFetchRequestHandler calls
> streamManager.checkAuthorization to enforce per-application ownership
> (clientId == appId), but TransportRequestHandler.processStreamRequest calls
> openStream directly with no such check. Because
> OneForOneStreamManager.openStream addresses the same registered streams by
> their string id ("streamId_chunkIndex"), a StreamRequest can read a stream
> that the ChunkFetchRequest path would have authorized.
> Fix: call streamManager.checkAuthorization in processStreamRequest before
> openStream, mirroring ChunkFetchRequestHandler. Add a
> checkAuthorization(TransportClient, String) overload to StreamManager (no-op
> default), overridden in OneForOneStreamManager to parse the string id and
> delegate to the existing checkAuthorization(TransportClient, long). Like the
> existing ChunkFetchRequest check, this enforces only for authenticated
> clients (non-null client id); behavior is unchanged when authentication is
> disabled.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]