Hi all,

This came out of discussion in HADOOP-12718. What do you think if I place
extra permission check into {{FileUtil#list}}?
{code}
    public static String[] list(File dir) throws IOException {
+     if (!canRead(dir)) {
+       throw new AccessControlException("Permission denied for dir: " +
+           dir.toString());
      }
      String[] fileNames = dir.list();
      if(fileNames == null) {
        throw new IOException("Invalid directory or I/O error occurred for
dir: "
                  + dir.toString());
      }
      return fileNames;
    }
{code}
Currently {{FileUtil#list}} is only called by:
{code}
        hadoop-common  (1 usage found)
            org.apache.hadoop.fs  (1 usage found)
                RawLocalFileSystem  (1 usage found)
                    listStatus(Path)  (1 usage found)
                        474String[] names = FileUtil.list(localf);
        hadoop-hdfs  (3 usages found)
            org.apache.hadoop.hdfs.server.datanode  (2 usages found)
                BlockPoolSliceStorage  (1 usage found)
                    cleanupDetachDir(File)  (1 usage found)
                        518if (FileUtil.list(detachDir).length != 0) {
                DataStorage  (1 usage found)
                    cleanupDetachDir(File)  (1 usage found)
                        910if (FileUtil.list(detachDir).length != 0 ) {
            org.apache.hadoop.hdfs.server.datanode.fsdataset.impl  (1 usage
found)
                FsVolumeImpl  (1 usage found)
                    isBPDirEmpty(String)  (1 usage found)
                        1035if (rbwDir.exists() &&
FileUtil.list(rbwDir).length != 0) {
{code}

These callers seem ok with the change. ACE is a subclass of IOE, I imagine
the impact should be minimum with the benefit of give more precise
exception class and message.

Thanks,
John Zhuge
Software Engineer, Cloudera

Reply via email to