[ https://issues.apache.org/jira/browse/HIVE-11319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14654091#comment-14654091 ]
Szehon Ho commented on HIVE-11319:
----------------------------------

It does look like a vulnerability to me. When the impersonation is on, at least you can do file permissions to prevent it, but when impersonation is off it will be an issue.

+1 from my side, will let others take a look too. Also, this would be a backward incompatible change, so we should mark it as such.

> CTAS with location qualifier overwrites directories
> ---------------------------------------------------
>
> Key: HIVE-11319
> URL: https://issues.apache.org/jira/browse/HIVE-11319
> Project: Hive
> Issue Type: Bug
> Components: Parser
> Affects Versions: 0.14.0, 1.0.0, 1.2.0
> Reporter: Yongzhi Chen
> Assignee: Yongzhi Chen
> Labels: backward-incompatible
> Attachments: HIVE-11319.1.patch, HIVE-11319.2.patch
>
>
> CTAS with location clause acts as an insert overwrite. This can cause
> problems when there are subdirectories within a directory.
> This causes some users to accidentally wipe out directories with very important
> data. We should ban CTAS with location to a non-empty directory.
> Reproduce:
> create table ctas1
> location '/Users/ychen/tmp'
> as
> select * from jsmall limit 10;
> create table ctas2
> location '/Users/ychen/tmp'
> as
> select * from jsmall limit 5;
> Both creates will succeed. But the value in table ctas1 will be replaced by ctas2
> accidentally.
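
The rule proposed in the issue (refuse CTAS with a LOCATION that points at a non-empty directory), sketched as a pre-submit check. This is an added example, not part of the JIRA thread and not the code in the attached patches; the function names, the simplified regex (it is not Hive's parser) and the use of the local filesystem as a stand-in for the warehouse filesystem are assumptions.

```python
import os
import re
import tempfile

# Simplified matcher (assumption, not Hive's grammar):
# CREATE [EXTERNAL] TABLE [IF NOT EXISTS] name ... LOCATION '<path>' ... AS SELECT|WITH
CTAS_WITH_LOCATION = re.compile(
    r"""^\s*create\s+(?:external\s+)?table\s+(?:if\s+not\s+exists\s+)?
        (?P<table>[\w.`]+)
        .*?\blocation\s+(?P<q>['"])(?P<path>.+?)(?P=q)
        .*?\bas\s+(?:select|with)\b""",
    re.IGNORECASE | re.DOTALL | re.VERBOSE,
)

def ctas_location(statement):
    """Return the LOCATION path if the statement is a CTAS with LOCATION, else None."""
    m = CTAS_WITH_LOCATION.match(statement)
    return m.group("path") if m else None

def check_ctas(statement, list_dir=os.listdir):
    """Return (allowed, reason); reject a CTAS whose LOCATION directory is non-empty."""
    path = ctas_location(statement)
    if path is None:
        return True, "not a CTAS with LOCATION"
    try:
        entries = list_dir(path)  # swap in an HDFS listing call in a real deployment
    except FileNotFoundError:
        return True, "target does not exist yet"
    if entries:
        return False, f"{path} is not empty ({len(entries)} entries)"
    return True, "target is empty"

def demo():
    """Replay the report's two statements against a constructed temp directory."""
    with tempfile.TemporaryDirectory() as base:
        target = os.path.join(base, "tmp")
        os.mkdir(target)
        first = f"create table ctas1 location '{target}' as select * from jsmall limit 10;"
        second = f"create table ctas2 location '{target}' as select * from jsmall limit 5;"
        r1 = check_ctas(first)
        # Constructed stand-in for the data files ctas1 would leave behind.
        open(os.path.join(target, "000000_0"), "w").close()
        r2 = check_ctas(second)
        return r1[0], r2[0]

if __name__ == "__main__":
    print(demo())
```

A client-side check like this is not atomic with the write, so it only catches accidental reuse of a directory; enforcement has to live in the engine itself.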