[jira] [Resolved] (ZOOKEEPER-4727) zNode deleted despite not having access rights (zNode with ACL)

Fri, 03 Jan 2025 01:40:47 -0800 


     [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-4727?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kezhu Wang resolved ZOOKEEPER-4727.
-----------------------------------
    Resolution: Not A Problem

> zNode deleted despite not having access rights (zNode with ACL)
> ---------------------------------------------------------------
>
>                 Key: ZOOKEEPER-4727
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4727
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: java client, server
>    Affects Versions: 3.8.1
>            Reporter: Igor Delac
>            Priority: Major
>
> Hello,
>  
> I've found a problem with Zookeeper, allowing any client to delete a zNode 
> regardless of the ACL set for the zNode.
> I'm not sure if this issue is for the ordinary JIRA ticket, or the issue is a 
> vulnerability problem.
>  
> Here are steps I used, to reproduce the problem:
>  
> 1) Create zNode /users.
> 2) Create zNode /users/john.
> {{[zk: localhost:2181(CONNECTED) 1] create /users}}
> {{Created /users}}
> {{[zk: localhost:2181(CONNECTED) 2] create /users/john}}
>  
> 3) Set auth.scheme digest, with password 'john123' on the zNode /users/john.
>  
> 3.1) Generate digest for the user john and password john123.
> {{root@dev-id-client:/opt/zookeeper-3.8.2# java -classpath 'lib/*' 
> org.apache.zookeeper.server.auth.DigestAuthenticationProvider john:john123}}
> {{16:02:56.377 [main] INFO 
> org.apache.zookeeper.server.auth.DigestAuthenticationProvider - ACL digest 
> algorithm is: SHA1}}
> {{john:john123->john:SNEZzLxGQHaYcjRvU8KnG1WX9rU=}}
> {{root@dev-id-client:/opt/zookeeper-3.8.2#}}
>  
> 3.2) Assign ACL for the zNode /users/john.
> {{[zk: localhost:2181(CONNECTED) 6] setAcl /users/john 
> digest:john:SNEZzLxGQHaYcjRvU8KnG1WX9rU=:cdrwa}}
> {{[zk: localhost:2181(CONNECTED) 7]}}
>  
>  
> 4) Test the access to the zNode /users/john. Try to read the ACL.
> {{[zk: localhost:2181(CONNECTED) 7] getAcl /users/john}}
> {{Insufficient permission : /users/john}}
> {{[zk: localhost:2181(CONNECTED) 8]}}
>  
> Here the response makes sense. Because of the zNode ACL set, access is denied.
>  
> 5) Try to delete the zNode /users/john.
> {{[zk: localhost:2181(CONNECTED) 8] delete /users/john}}
> {{[zk: localhost:2181(CONNECTED) 9]}}
>  
> I'd expect here to see *Insufficient permission* message.
>  
> 6) Verify that zNode was successfully deleted.
> {{[zk: localhost:2181(CONNECTED) 9] stat /users/john}}
> {{Node does not exist: /users/john}}
> {{[zk: localhost:2181(CONNECTED) 10]}}
>  
>  
> 7) whoami command shows the following.
>  
> {{[zk: localhost:2181(CONNECTED) 10] whoami}}
> {{Auth scheme: User}}
> {{ip: 127.0.0.1}}
> {{[zk: localhost:2181(CONNECTED) 11]}}
> {{ }}
>  
> In my opinion, delete operation should not be possible if the zNode access 
> was rejected, eg. *getAcl* fails with {*}Insufficient permission : 
> /users/john{*}.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to