[HIVE-9473] sql std auth should disallow built-in udfs that allow any java methods to be called - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.0.0
Component/s: Authorization, SQLStandardAuthorization
Labels:
- TODOC1.0

Release Note:

Hide
SQL Standard authorization will disable the udfs reflect, reflect2 and java_method by automatically setting the udf blacklist config parameter (hive.server2.builtin.udf.blacklist). However, if HiveServer2 admin chooses to set the config param to a specific value, it will not be altered.

Show
SQL Standard authorization will disable the udfs reflect, reflect2 and java_method by automatically setting the udf blacklist config parameter (hive.server2.builtin.udf.blacklist). However, if HiveServer2 admin chooses to set the config param to a specific value, it will not be altered.

Description

As mentioned in ~~HIVE-8893~~, some udfs can be used to execute arbitrary java methods. This should be disallowed when sql standard authorization is used.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HIVE-9473.1.patch
27/Jan/15 22:38
11 kB
Thejas Nair

Issue Links

is related to

HIVE-8893 Implement whitelist for builtin UDFs to avoid untrused code execution in multiuser mode

Resolved

Activity

People

Assignee:: Thejas Nair

Reporter:: Thejas Nair

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 26/Jan/15 22:50

Updated:: 26/Feb/15 00:14

Resolved:: 30/Jan/15 00:35