Andrew Wong created KUDU-3259:
---------------------------------
Summary: Define ownership of transactions for participants to prevent malicious users from writing to a transaction
Key: KUDU-3259
URL: https://issues.apache.org/jira/browse/KUDU-3259
Project: Kudu
Issue Type: Improvement
Components: security, transactions
Reporter: Andrew Wong
Currently, any user can write as a part of a transaction. This isn't
necessarily safe, though at the very least, Kudu still performs its authz
checks on every write request that enters the system. When a participant calls
BEGIN_TXN, we should consider also persisting the username of the writer, which
should also get validated on the call to RegisterParticipant. Once successful,
further write requests can be rejected if they are from other users.
Note that calls to the TxnStatusManager are protected in this way (e.g. calls
to commit or rollback will validate that the caller matches the 'user' field in
the {{TxnStatusEntryPB}}).
One thing to be cognizant of here is that if we are going to persist more
metadata per transaction, we should strongly consider ways to reduce the amount
of metadata stored in a single SuperBlockPB file.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
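As an added illustration of the proposal above (not Kudu's code), a minimal Python model of the ownership check: the coordinator records the caller at BEGIN_TXN, validates it on RegisterParticipant and on commit, and hands the owner to the tablet, which then rejects writes from any other user. `TxnStatusEntry`, `TxnStatusManager`, `TabletParticipant` and their methods are hypothetical stand-ins for the Kudu components named in the issue.

```python
from dataclasses import dataclass, field


class TxnAuthError(PermissionError):
    """Raised when a caller is not the recorded owner of a transaction."""


@dataclass
class TxnStatusEntry:
    # Hypothetical stand-in for TxnStatusEntryPB; 'user' is the owner recorded at BEGIN_TXN.
    txn_id: int
    user: str
    state: str = "OPEN"
    participants: set = field(default_factory=set)


class TxnStatusManager:
    """Coordinator side (hypothetical): owner persisted at BEGIN_TXN, checked afterwards."""

    def __init__(self):
        self._txns = {}
        self._next_id = 1

    def begin_txn(self, user):
        txn_id, self._next_id = self._next_id, self._next_id + 1
        self._txns[txn_id] = TxnStatusEntry(txn_id, user)
        return txn_id

    def _owned_entry(self, txn_id, user):
        # Every later call is validated against the persisted owner.
        entry = self._txns[txn_id]
        if entry.user != user:
            raise TxnAuthError(f"txn {txn_id} owned by {entry.user!r}, caller {user!r}")
        return entry

    def register_participant(self, txn_id, user, tablet_id, participant):
        entry = self._owned_entry(txn_id, user)  # validated on RegisterParticipant
        entry.participants.add(tablet_id)
        participant.on_registered(txn_id, user)  # tablet learns the owner

    def commit(self, txn_id, user):
        self._owned_entry(txn_id, user).state = "COMMITTED"


class TabletParticipant:
    """Participant side (hypothetical): rejects writes whose user differs from the owner."""

    def __init__(self):
        self._owner_by_txn = {}

    def on_registered(self, txn_id, user):
        self._owner_by_txn[txn_id] = user

    def write(self, txn_id, user, row):
        owner = self._owner_by_txn.get(txn_id)
        if owner is None:
            raise KeyError(f"txn {txn_id} is not registered on this tablet")
        if owner != user:
            raise TxnAuthError(f"write to txn {txn_id} by {user!r}, owner {owner!r}")
        return ("applied", txn_id, row)
```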