[HIVE-14889] Beeline leaks sensitive environment variables of HiveServer2 when you type set; - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.1.1, 2.2.0
Component/s: Beeline
Labels:
None

Description

When you type set; beeline prints all the environment variables including passwords which could be major security risk. Eg: HADOOP_CREDENTIAL_PASSWORD below is leaked.

| env:HADOOP_CREDSTORE_PASSWORD=password             |
| env:HADOOP_DATANODE_OPTS=-Dhadoop.security.logger=ERROR,RFAS  |
| env:HADOOP_HOME_WARN_SUPPRESS=true                 |
| env:HADOOP_IDENT_STRING=vihang                     |
| env:HADOOP_PID_DIR=                                |

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HIVE-14889.1.patch
06/Oct/16 00:15
9 kB
Vihang Karajgaonkar
HIVE-14889.2.patch
06/Oct/16 19:03
8 kB
Vihang Karajgaonkar

Activity

People

Assignee:: Vihang Karajgaonkar

Reporter:: Vihang Karajgaonkar

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 04/Oct/16 21:16

Updated:: 08/Dec/16 14:09

Resolved:: 07/Oct/16 15:10