[ 
https://issues.apache.org/jira/browse/SPARK-57882?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Peter Toth updated SPARK-57882:
-------------------------------
    Affects Version/s: 4.0.3
                       4.1.2
                       3.5.8
                       4.2.0
                           (was: 5.0.0)

> Enforce AuthV2 metadata authorization on GetPrimaryKeys and GetCrossReference 
> operations
> ----------------------------------------------------------------------------------------
>
>                 Key: SPARK-57882
>                 URL: https://issues.apache.org/jira/browse/SPARK-57882
>             Project: Spark
>          Issue Type: Bug
>          Components: SQL
>    Affects Versions: 3.5.8, 4.2.0, 4.1.2, 4.0.3
>            Reporter: Peter Toth
>            Assignee: Peter Toth
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 3.5.9, 4.3.0, 4.1.3, 4.0.4, 4.2.1
>
>
> In the Hive Thrift server, metadata operations authorize metastore access 
> through Hive's
> AuthV2 plugin (isAuthV2Enabled() / authorizeMetaGets()) when authorization is 
> enabled
> (hive.security.authorization.manager set to a HiveAuthorizerFactory). All 
> MetadataOperation
> subclasses apply this gate -- GetTablesOperation, GetColumnsOperation, 
> GetSchemasOperation,
> GetFunctionsOperation, etc. -- as do Spark's own SparkGet*Operation classes.
> GetPrimaryKeysOperation and GetCrossReferenceOperation are the only metadata 
> operations that
> omit the gate, and SparkSQLOperationManager does not override them, so the 
> ungated Hive base
> implementations run. As a result, when AuthV2 is configured, an authenticated 
> Thrift/JDBC
> client can read primary-key and foreign-key schema metadata (table, column, 
> and key names,
> and inter-table FK relationships) for tables that an AuthV2 policy denies via
> getTables()/getColumns().
> Fix: add the same isAuthV2Enabled()/authorizeMetaGets() gate used by the 
> sibling operations
> to GetPrimaryKeysOperation.runInternal() and 
> GetCrossReferenceOperation.runInternal(), scoped
> to the referenced table(s) (TABLE_OR_VIEW privilege objects). With 
> authorization disabled
> (the default), behavior is unchanged.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to