CachingDirectoryLister can leak file listings to unauthorized user

trinodb / trino

Official repository of Trino, the distributed SQL query engine for big data, formerly known as PrestoSQL (https://trino.io)

https://trino.io

Apache License 2.0

10.45k stars 3.01k forks source link

CachingDirectoryLister can leak file listings to unauthorized user #11756

Open sopel39 opened 2 years ago

sopel39 commented 2 years ago

CachingDirectoryLister uses FS provided by caller to list files in directory. If impersonation or extra credentials are used, it means that directory listing would be cached as for a specific user. Therefore, such cached directory listing might be returned even if some other user isn't authorized to do so.

sopel39 commented 2 years ago

cc @findepi

electrum commented 2 years ago

I think this is a documentation / configuration issue. The only leak here is the file names themselves, which are almost never security sensitive. It might be a correctness issue if different users get different listings.

Do any existing file systems actually return different listings?

The cache is disabled by default, so if someone enables it, they need to understand the implications.

sopel39 commented 2 years ago

cc @mosabua

mosabua commented 2 years ago

I honestly think there is nothing to document here ..