Problem Note 64030: SASHDAT files saved to Hadoop Distributed File System (HDFS) grant Read and Write access to all users if you do not specify custom permissions
 |  |  |  |  |
Severity: High
Description: When using the SAS® 9.4 SASHDAT engine or SAS® Viya® Cloud Analytic Services (CAS) actions to save files to HDFS in SASHDAT format, you encounter a security vulnerability. In this scenario, permissions on saved SASHDAT files incorrectly default to 666 (Read and Write access for all) when you do not specify a permission setting. Instead, the behavior when you do not specify permissions should be that the default HDFS umask is applied to the file. The default HDFS unmask is generally derived from hdfs-site.xml settings such as dfs.umaskmode or fs.permissions.umask-mode.
Potential Impact: SASHDAT files can be read, modified, or deleted by any user with access to the HDFS directory that contains these files.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS LASR Analytic Server | Linux for x64 | 2.82 | 9.4 TS1M6 | ||
| SAS System | SAS Viya | Linux for x64 | 3.4 | |||
An update for this issue is available for SAS Viya 3.4. For instructions on how to access and apply software updates, see the Updating Your SAS Viya software section in the SAS Viya 3.4 for Linux Deployment Guide at
http://documentation.sas.com/?softwareId=administration&softwareVersion=3.4&softwareContextId=softwareUpdatesA fix for this issue for SAS Plug-ins for Hadoop 1.02 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/D9U.html#64030| Type: | Problem Note |
| Priority: | alert |
| Date Modified: | 2019-04-16 07:44:51 |
| Date Created: | 2019-04-12 11:17:54 |