[
https://issues.apache.org/jira/browse/SPARK-57889?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Peter Toth updated SPARK-57889:
-------------------------------
Affects Version/s: 4.0.3
4.1.2
3.5.8
4.2.0
(was: 5.0.0)
> Authorize StreamRequest consistently with ChunkFetchRequest in the transport
> layer
> ----------------------------------------------------------------------------------
>
> Key: SPARK-57889
> URL: https://issues.apache.org/jira/browse/SPARK-57889
> Project: Spark
> Issue Type: Bug
> Components: Spark Core
> Affects Versions: 3.5.8, 4.2.0, 4.1.2, 4.0.3
> Reporter: Peter Toth
> Assignee: Peter Toth
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.5.9, 4.3.0, 4.1.3, 4.0.4, 4.2.1
>
>
> The transport layer serves both ChunkFetchRequest and StreamRequest from the
> same StreamManager. ChunkFetchRequestHandler calls
> streamManager.checkAuthorization to enforce per-application ownership
> (clientId == appId), but TransportRequestHandler.processStreamRequest calls
> openStream directly with no such check. Because
> OneForOneStreamManager.openStream addresses the same registered streams by
> their string id ("streamId_chunkIndex"), a StreamRequest can read a stream
> that the ChunkFetchRequest path would have authorized.
> Fix: call streamManager.checkAuthorization in processStreamRequest before
> openStream, mirroring ChunkFetchRequestHandler. Add a
> checkAuthorization(TransportClient, String) overload to StreamManager (no-op
> default), overridden in OneForOneStreamManager to parse the string id and
> delegate to the existing checkAuthorization(TransportClient, long). Like the
> existing ChunkFetchRequest check, this enforces only for authenticated
> clients (non-null client id); behavior is unchanged when authentication is
> disabled.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]