Attila Bukor has posted comments on this change. ( http://gerrit.cloudera.org:8080/16113 )

Change subject: KUDU-3090 Restrict changing ownership of a table
......................................................................

Patch Set 11:

(2 comments)

http://gerrit.cloudera.org:8080/#/c/16113/10/src/kudu/master/authz_provider.h
File src/kudu/master/authz_provider.h:

http://gerrit.cloudera.org:8080/#/c/16113/10/src/kudu/master/authz_provider.h@32
PS10, Line 32: lass TablePrivilegePB;
             :
> nit: drop the extra line?
Done

http://gerrit.cloudera.org:8080/#/c/16113/10/src/kudu/master/catalog_manager.cc
File src/kudu/master/catalog_manager.cc:

http://gerrit.cloudera.org:8080/#/c/16113/10/src/kudu/master/catalog_manager.cc@2598
PS10, Line 2598: // Change owner requires higher level of privilege (ALL WITH GRANT OPTION,
               : // or ALL + delegate admin) than other types of alter operations, so if a
               : // single alter contains an owner change as well as other changes, it's
               : // sufficient to authorize only the owner change.
               : i
> It seems easy to misconstrue this with a privilege escalation, since we're
Done

--
To view, visit http://gerrit.cloudera.org:8080/16113
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I75a8b24364572a84f93826ad670c543abd407bb1
Gerrit-Change-Number: 16113
Gerrit-PatchSet: 11
Gerrit-Owner: Attila Bukor <[email protected]>
Gerrit-Reviewer: Andrew Wong <[email protected]>
Gerrit-Reviewer: Attila Bukor <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Tidy Bot (241)
Gerrit-Comment-Date: Wed, 08 Jul 2020 12:17:11 +0000
Gerrit-HasComments: Yes
