Caideyipi commented on PR #17951:
URL: https://github.com/apache/iotdb/pull/17951#issuecomment-4725683373

   I found one new issue that should be fixed before merging:
   
    ead_tsfile does not appear to have an authorization gate for reading 
external server-side files. It is registered as a built-in table function in 
TableMetadataImpl.java, and StatementAnalyzer.visitTableFunctionInvocation() 
directly analyzes it. ReadTsFileTableFunction.analyze() then reads the 
user-supplied PATHS on the DataNode filesystem to collect TsFile schemas. This 
is a different capability from selecting an IoTDB table: any SQL user who can 
invoke the table function can ask the DataNode process to inspect external 
local paths, except for the current data-dir exclusion.
   
   Please add an explicit privilege boundary for this function, for example 
admin / SYSTEM / MAINTAIN or another clearly chosen system privilege, before 
any path access or schema collection happens.
   
   Also, the two earlier issues still look not fully addressed: external TsFile 
resources can still leak if planning/start throws after the resource is 
created, and ATTRIBUTE columns are still silently dropped instead of being 
supported or rejected explicitly.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to