Details
-
Type:
extRequest
-
Status: Closed
-
Priority:
Major
-
Resolution: Done
-
Fix Version/s: 2021
-
Component/s: FIWARE-TECH-HELP
-
Labels:None
-
Sender Email:
-
HD-Chapter:Data
-
HD-Enabler:Cosmos
Description
Hello,
I was working with a coworker on Cosmos (trying to make Hive queries) and
we encounter a security issue.
When we log in to Cosmos, we can only access our own HDFS user space . The
problem come from Hive, any user can list every tables existing in the
cosmos node , and can query them .
We noticed that when my coworker who didn't remember the exact name of his
Hive table launch the command "show table" . He was able to see every
tables from any users that exists in Cosmos . We were a little suspicious ,
so I told him to try to query my own table and it worked. I guess we can
then access any tables on your system.
Have you way to fix that? Is there any configuration to make a tables
private?
Best regards .
–
Guillaume Jourdain.
_______________________________________________
Fiware-lab-help mailing list
Fiware-lab-help@lists.fi-ware.org
https://lists.fi-ware.org/listinfo/fiware-lab-help
[Created via e-mail received from: Guillaume Jourdain <guillaume.jourdain@4planet.eu>]
Activity
Dear Guillaume,
You are right, the tables are currently visible by any user. Nevertheless, the fix is very easy. Tell me which is your HDFS user and which are the tables you want to make only "selectable" by you.
Anyway, was the Hive table created by you or by Cygnus (the tool for persisting in HDFS Orion context data)?
Regards,
Francisco
This was fixed sometime ago.
Dear Guillaume,
I have just forwarded your request to the Cosmos support team.
Best regards
Marco
Da: fiware-lab-help-bounces@lists.fi-ware.org fiware-lab-help-bounces@lists.fi-ware.org
Per conto di Guillaume Jourdain
Inviato: mercoledì 13 maggio 2015 10:37
A: fiware-lab-help@lists.fi-ware.org
Oggetto: [Fiware-lab-help] Security problem with Hive
Hello,
I was working with a coworker on Cosmos (trying to make Hive queries) and we encounter a security issue.
When we log in to Cosmos, we can only access our own HDFS user space . The problem come from Hive, any user can list every tables existing in the cosmos node , and can query them .
We noticed that when my coworker who didn't remember the exact name of his Hive table launch the command "show table" . He was able to see every tables from any users that exists in Cosmos . We were a little suspicious , so I told him to try to query my own table and it worked. I guess we can then access any tables on your system.
Have you way to fix that? Is there any configuration to make a tables private?
Best regards .
–
Guillaume Jourdain.
Questo messaggio e i suoi allegati sono indirizzati esclusivamente alle persone indicate. La diffusione, copia o qualsiasi altra azione derivante dalla conoscenza di queste informazioni sono rigorosamente vietate. Qualora abbiate ricevuto questo documento per errore siete cortesemente pregati di darne immediata comunicazione al mittente e di provvedere alla sua distruzione, Grazie.
This e-mail and any attachments is confidential and may contain privileged information intended for the addressee(s) only. Dissemination, copying, printing or use by anybody else is unauthorised. If you are not the intended recipient, please delete this message and any attachments and advise the sender by return e-mail, Thanks.
[rispetta l'ambiente]Rispetta l'ambiente. Non stampare questa mail se non è necessario.