  1. ZooKeeper
  2. ZOOKEEPER-4727

zNode deleted despite not having access rights (zNode with ACL)

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 3.8.1
    • None
    • java client, server
    • None

    Description

      Hello,
       
      I've found a problem with ZooKeeper that allows any client to delete a zNode regardless of the ACL set for the zNode.

      I'm not sure if this issue is for an ordinary JIRA ticket, or if the issue is a vulnerability problem.
       
      Here are the steps I used to reproduce the problem:
       
      1) Create zNode /users.
      2) Create zNode /users/john.

      [zk: localhost:2181(CONNECTED) 1] create /users
      Created /users
      [zk: localhost:2181(CONNECTED) 2] create /users/john

       
      3) Set auth.scheme digest, with password 'john123' on the zNode /users/john.
       
      3.1) Generate digest for the user john and password john123.

      root@dev-id-client:/opt/zookeeper-3.8.2# java -classpath 'lib/*' org.apache.zookeeper.server.auth.DigestAuthenticationProvider john:john123
      16:02:56.377 [main] INFO org.apache.zookeeper.server.auth.DigestAuthenticationProvider - ACL digest algorithm is: SHA1
      john:john123->john:SNEZzLxGQHaYcjRvU8KnG1WX9rU=
      root@dev-id-client:/opt/zookeeper-3.8.2#

       
      3.2) Assign ACL for the zNode /users/john.

      [zk: localhost:2181(CONNECTED) 6] setAcl /users/john digest:john:SNEZzLxGQHaYcjRvU8KnG1WX9rU=:cdrwa

      [zk: localhost:2181(CONNECTED) 7]

       

       
      4) Test the access to the zNode /users/john. Try to read the ACL.

      [zk: localhost:2181(CONNECTED) 7] getAcl /users/john
      Insufficient permission : /users/john
      [zk: localhost:2181(CONNECTED) 8]

       

      Here the response makes sense. Because of the zNode ACL set, access is denied.
       
      5) Try to delete the zNode /users/john.

      [zk: localhost:2181(CONNECTED) 8] delete /users/john
      [zk: localhost:2181(CONNECTED) 9]

       

      I'd expect to see an Insufficient permission message here.
       
      6) Verify that zNode was successfully deleted.

      [zk: localhost:2181(CONNECTED) 9] stat /users/john
      Node does not exist: /users/john
      [zk: localhost:2181(CONNECTED) 10]

       

       
      7) The whoami command shows the following.
       

      [zk: localhost:2181(CONNECTED) 10] whoami
      Auth scheme: User
      ip: 127.0.0.1
      [zk: localhost:2181(CONNECTED) 11]
       

       
      In my opinion, the delete operation should not be possible if access to the zNode was rejected, e.g. getAcl fails with Insufficient permission : /users/john.
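
ZooKeeper's documented permission model defines DELETE (like CREATE) as a permission over a node's children, so a delete of /users/john is authorized against the ACL of /users, which zkCli created with the open default world:anyone:cdrwa. The Python sketch below is an added example, not code from the report or from ZooKeeper: it is a simplified model of that check, run against the tree from the steps above and against a tightened /users ACL. The admin identity and its hash are constructed placeholders, and matching is by exact identity only.

```python
# Simplified model of ZooKeeper ACL checks (added example, not ZooKeeper source).
PERMS = {"r": 1, "w": 2, "c": 4, "d": 8, "a": 16}  # bit values of ZooDefs.Perms

def parse_acl(spec):
    """'scheme:id:perms' as typed into zkCli -> (scheme, id, permission bits)."""
    scheme, rest = spec.split(":", 1)
    ident, perms = rest.rsplit(":", 1)
    return scheme, ident, sum(PERMS[p] for p in perms)

def allowed(acl, session_ids, perm):
    """True if an entry grants any bit of `perm` to world:anyone or to a session identity."""
    return any(
        bits & perm and ((scheme, ident) == ("world", "anyone") or (scheme, ident) in session_ids)
        for scheme, ident, bits in acl
    )

def parent(path):
    return path.rsplit("/", 1)[0] or "/"

def authorize(tree, session_ids, op, path):
    """The node whose ACL is consulted depends on the operation."""
    if op == "getAcl":   # READ or ADMIN on the node itself
        return allowed(tree[path], session_ids, PERMS["r"] | PERMS["a"])
    if op == "delete":   # DELETE on the parent: it governs removal of children
        return allowed(tree[parent(path)], session_ids, PERMS["d"])
    raise ValueError(f"operation not modelled: {op}")

OPEN = [parse_acl("world:anyone:cdrwa")]  # ACL zkCli applies when `create` is given none
JOHN = [parse_acl("digest:john:SNEZzLxGQHaYcjRvU8KnG1WX9rU=:cdrwa")]  # from the report
ADMIN = [parse_acl("digest:admin:CONSTRUCTED_PLACEHOLDER_HASH=:cdrwa")]  # constructed identity
CLIENT = {("ip", "127.0.0.1")}  # the unauthenticated session shown by `whoami`

def reported_case():
    """Steps 4 and 5 of the report: (getAcl allowed?, delete allowed?)."""
    tree = {"/": OPEN, "/users": OPEN, "/users/john": JOHN}
    return (authorize(tree, CLIENT, "getAcl", "/users/john"),
            authorize(tree, CLIENT, "delete", "/users/john"))

def hardened_case():
    """/users grants the world READ only; DELETE of its children is left to admin."""
    tree = {"/": OPEN, "/users": [parse_acl("world:anyone:r")] + ADMIN, "/users/john": JOHN}
    admin = {("digest", "admin:CONSTRUCTED_PLACEHOLDER_HASH=")}
    return (authorize(tree, CLIENT, "delete", "/users/john"),
            authorize(tree, admin, "delete", "/users/john"))

if __name__ == "__main__":
    print("reported (getAcl, delete):", reported_case())
    print("hardened (client delete, admin delete):", hardened_case())
```

In the hardened tree, john's own digest identity cannot delete /users/john either, because it holds no DELETE permission on /users.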
       

          People

            Unassigned Unassigned
            idelac Igor Delac