Caideyipi commented on PR #17951:
URL: https://github.com/apache/iotdb/pull/17951#issuecomment-4725683373
I found one new issue that should be fixed before merging:
ead_tsfile does not appear to have an authorization gate for reading
external server-side files. It is registered as a built-in table function in
TableMetadataImpl.java, and StatementAnalyzer.visitTableFunctionInvocation()
directly analyzes it. ReadTsFileTableFunction.analyze() then reads the
user-supplied PATHS on the DataNode filesystem to collect TsFile schemas. This
is a different capability from selecting an IoTDB table: any SQL user who can
invoke the table function can ask the DataNode process to inspect external
local paths, except for the current data-dir exclusion.
Please add an explicit privilege boundary for this function, for example
admin / SYSTEM / MAINTAIN or another clearly chosen system privilege, before
any path access or schema collection happens.
Also, the two earlier issues still look not fully addressed: external TsFile
resources can still leak if planning/start throws after the resource is
created, and ATTRIBUTE columns are still silently dropped instead of being
supported or rejected explicitly.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]