rdblue commented on issue #16480:
URL: https://github.com/apache/iceberg/issues/16480#issuecomment-4503659447

   This assumes that the attacker can control the first file that is removed in 
a batch delete, in order to trigger credential reuse to delete other objects. 
But, all of these objects would need to be subject to deletion by the action or 
user running the command. That doesn't sound plausible to me and the impact 
restates the assumptions (that the credential chosen is from the first object). 
The use of that credential, *if it is misconfigured*, can cause legitimate 
deletes to fail (bug) or can use it to delete files for which another 
credential should have been used. But it can't change the list of files that 
are deleted.
   
   I think this is a bug, but not a security issue. I'm going to remove the 
Security label but leave this open for contributors to fix.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

