mirror of
https://codeberg.org/redict/redict.git
synced 2025-01-22 16:18:28 -05:00
1078e30c5f
Currently the sort and sort_ro can access external keys via `GET` and `BY` in order to make sure the user cannot violate the authorization ACL rules, the decision is to reject external keys access patterns unless ACL allows SORT full access to all keys. I.e. for backwards compatibility, SORT with GET/BY keeps working, but if ACL has restrictions to certain keys, these features get permission denied. ### Implemented solution We have discussed several potential solutions and decided to only allow the GET and BY arguments when the user has all key permissions with the SORT command. The reasons being that SORT with GET or BY is problematic anyway, for instance it is not supported in cluster mode since it doesn't declare keys, and we're not sure the combination of that feature with ACL key restriction is really required. **HOWEVER** If in the fullness of time we will identify a real need for fine grain access support for SORT, we would implement the complete solution which is the alternative described below. ### Alternative (Completion solution): Check sort ACL rules after executing it and before committing output (either via store or to COB). it would require making several changes to the sort command itself. and would potentially cause performance degradation since we will have to collect all the get keys instead of just applying them to a temp array and then scan the access keys against the ACL selectors. This solution can include an optimization to avoid the overheads of collecting the key names, in case the ACL rules grant SORT full key-access, or if the ACL key pattern literal matches the one used in GET/BY. It would also mean that authorization would be O(nlogn) since we will have to complete most of the command execution before we can perform verification Co-authored-by: Madelyn Olson <madelyneolson@gmail.com> Co-authored-by: Oran Agra <oran@redislabs.com> |
||
|---|---|---|
| .. | ||
| moduleapi | ||
| type | ||
| acl-v2.tcl | ||
| acl.tcl | ||
| aofrw.tcl | ||
| auth.tcl | ||
| bitfield.tcl | ||
| bitops.tcl | ||
| client-eviction.tcl | ||
| cluster.tcl | ||
| dump.tcl | ||
| expire.tcl | ||
| functions.tcl | ||
| geo.tcl | ||
| hyperloglog.tcl | ||
| info-command.tcl | ||
| info.tcl | ||
| introspection-2.tcl | ||
| introspection.tcl | ||
| keyspace.tcl | ||
| latency-monitor.tcl | ||
| lazyfree.tcl | ||
| limits.tcl | ||
| maxmemory.tcl | ||
| memefficiency.tcl | ||
| multi.tcl | ||
| networking.tcl | ||
| obuf-limits.tcl | ||
| oom-score-adj.tcl | ||
| other.tcl | ||
| pause.tcl | ||
| pendingquerybuf.tcl | ||
| printver.tcl | ||
| protocol.tcl | ||
| pubsub.tcl | ||
| pubsubshard.tcl | ||
| querybuf.tcl | ||
| quit.tcl | ||
| replybufsize.tcl | ||
| scan.tcl | ||
| scripting.tcl | ||
| shutdown.tcl | ||
| slowlog.tcl | ||
| sort.tcl | ||
| tls.tcl | ||
| tracking.tcl | ||
| violations.tcl | ||
| wait.tcl | ||