Dan Burkert has posted comments on this change. Change subject: rpc: add basic service and method-level authorization ......................................................................
Patch Set 1: (1 comment) http://gerrit.cloudera.org:8080/#/c/4897/1/src/kudu/rpc/service_if.cc File src/kudu/rpc/service_if.cc: Line 117: // Fall out of the 'if' statement to the normal path. Why are we checking the tracker result before checking authz? Seems like we should always check authz before doing anything, otherwise an attacker could potentially forge a request id. I don't thing we should rely on UUIDs being unguessable if we can avoid it. -- To view, visit http://gerrit.cloudera.org:8080/4897 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ia9206f5f89391d8bccfa30952d2b252900ab6566 Gerrit-PatchSet: 1 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Todd Lipcon <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Dan Burkert <[email protected]> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Tidy Bot Gerrit-HasComments: Yes
