Peter Toth created SPARK-57889:
----------------------------------

             Summary: Authorize StreamRequest consistently with 
ChunkFetchRequest in the transport layer
                 Key: SPARK-57889
                 URL: https://issues.apache.org/jira/browse/SPARK-57889
             Project: Spark
          Issue Type: Bug
          Components: Spark Core
    Affects Versions: 5.0.0
            Reporter: Peter Toth


The transport layer serves both ChunkFetchRequest and StreamRequest from the 
same StreamManager. ChunkFetchRequestHandler calls 
streamManager.checkAuthorization to enforce per-application ownership (clientId 
== appId), but TransportRequestHandler.processStreamRequest calls openStream 
directly with no such check. Because OneForOneStreamManager.openStream 
addresses the same registered streams by their string id 
("streamId_chunkIndex"), a StreamRequest can read a stream that the 
ChunkFetchRequest path would have authorized.

Fix: call streamManager.checkAuthorization in processStreamRequest before 
openStream, mirroring ChunkFetchRequestHandler. Add a 
checkAuthorization(TransportClient, String) overload to StreamManager (no-op 
default), overridden in OneForOneStreamManager to parse the string id and 
delegate to the existing checkAuthorization(TransportClient, long). Like the 
existing ChunkFetchRequest check, this enforces only for authenticated clients 
(non-null client id); behavior is unchanged when authentication is disabled.




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to