Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-8893

Implement whitelist for builtin UDFs to avoid untrused code execution in multiuser mode

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 0.14.0
    • 1.1.0
    • Authorization, HiveServer2, SQL
    • None

    Description

      The udfs like reflect() or java_method() enables executing a java method as udf. While this offers lot of flexibility in the standalone mode, it can become a security loophole in a secure multiuser environment. For example, in HiveServer2 one can execute any available java code with user hive's credentials.
      We need a whitelist and blacklist to restrict builtin udfs in Hiveserver2.

      Attachments

        1. HIVE-8893.3.patch
          27 kB
          Prasad Suresh Mujumdar
        2. HIVE-8893.4.patch
          27 kB
          Prasad Suresh Mujumdar
        3. HIVE-8893.5.patch
          27 kB
          Prasad Suresh Mujumdar
        4. HIVE-8893.6.patch
          32 kB
          Prasad Suresh Mujumdar

        Issue Links

          Activity

            People

              prasadm Prasad Suresh Mujumdar
              prasadm Prasad Suresh Mujumdar
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: