Apache NiFi

NIFI-3050: Restrict dangerous processors to special permission


Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 1.0.0
    • Fix Version/s: 1.1.0
    • Component/s: Core Framework

    Description

      As evidenced by NIFI-3045 and other discoveries (e.g. using an ExecuteScript processor to iterate over a NiFiProperties instance after the application has already decrypted the sensitive properties from the nifi.properties file on disk, using a GetFile processor to retrieve /etc/passwd, etc.), NiFi is a powerful tool which can allow unauthorized users to perform malicious actions. While no tool as versatile as NiFi will ever be completely immune to insider threat, to further restrict the potential for abuse, certain processors should be designated as restricted, and these processors can only be added to the canvas or modified by users who, along with the proper permission to modify the canvas, have a special permission to interact with these "dangerous" processors.

      From the Security Feature Roadmap:

      Dangerous Processors

      • Processors which can directly affect behavior/configuration of NiFi/other services
        • GetFile
        • PutFile
        • ListFile
        • FetchFile
        • ExecuteScript
        • InvokeScriptedProcessor
        • ExecuteProcess
        • ExecuteStreamCommand
      • These processors should only be creatable/editable by users with special access control policy
      • Marked by @Restricted annotation on processor class
      • All flowfiles originating/passing through these processors have special attribute/protection
      • Perhaps *File processors can access a certain location by default but cannot access the root filesystem without special user permission?

      Matt Gilman and I should have a PR for this tomorrow.
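The authorization model the description proposes (an annotation marks a processor class as restricted, and adding or editing such a processor requires the ordinary canvas-write permission plus one extra permission) can be shown in a few lines of Java. The example below is added here for illustration and is not NiFi's code or the PR referenced in the issue: the `Restricted` annotation, the `Permission` enum, the `Processor` base type and the `authorize` gate are all hypothetical stand-ins for whatever the real implementation uses.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.util.EnumSet;
import java.util.Set;

public class RestrictedProcessorGuard {

    /** Hypothetical marker annotation; stands in for the @Restricted annotation the issue proposes. */
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.TYPE)
    public @interface Restricted {
        /** Why the processor is restricted; useful for audit logs and policy UIs. */
        String reason() default "";
    }

    /** Hypothetical permissions: MODIFY_CANVAS is the ordinary write permission, RESTRICTED_COMPONENTS the extra one. */
    public enum Permission { MODIFY_CANVAS, RESTRICTED_COMPONENTS }

    /** Minimal stand-in for a processor base type (not NiFi's real AbstractProcessor). */
    public static abstract class Processor { }

    /** An ordinary processor: only canvas-modification permission is needed. */
    public static class LogAttribute extends Processor { }

    /** Reads from the local filesystem, so it carries the marker. */
    @Restricted(reason = "reads arbitrary files from the local filesystem")
    public static class GetFile extends Processor { }

    /** Runs user-supplied code inside the NiFi JVM, so it carries the marker. */
    @Restricted(reason = "executes user-supplied scripts inside the NiFi process")
    public static class ExecuteScript extends Processor { }

    /** The check is driven by the annotation on the class, not by a hand-maintained list of names. */
    public static boolean isRestricted(Class<? extends Processor> type) {
        return type.isAnnotationPresent(Restricted.class);
    }

    /** Permissions a user must hold to add this processor type to the canvas or to edit an existing instance. */
    public static Set<Permission> requiredPermissions(Class<? extends Processor> type) {
        Set<Permission> required = EnumSet.of(Permission.MODIFY_CANVAS);
        if (isRestricted(type)) {
            required.add(Permission.RESTRICTED_COMPONENTS);
        }
        return required;
    }

    /** Gate that every create-processor and update-processor request passes through before any instantiation. */
    public static boolean authorize(Set<Permission> userPermissions, Class<? extends Processor> type) {
        return userPermissions.containsAll(requiredPermissions(type));
    }

    public static void main(String[] args) {
        Set<Permission> canvasEditor = EnumSet.of(Permission.MODIFY_CANVAS);
        Set<Permission> trustedOperator = EnumSet.of(Permission.MODIFY_CANVAS, Permission.RESTRICTED_COMPONENTS);
        Set<Permission> restrictedOnly = EnumSet.of(Permission.RESTRICTED_COMPONENTS);

        System.out.println("canvas editor adds LogAttribute:   " + authorize(canvasEditor, LogAttribute.class));
        System.out.println("canvas editor adds GetFile:        " + authorize(canvasEditor, GetFile.class));
        System.out.println("trusted operator adds ExecuteScript: " + authorize(trustedOperator, ExecuteScript.class));
        // The extra permission is additive: holding it without canvas-write still denies the request.
        System.out.println("restricted-only user adds GetFile:  " + authorize(restrictedOnly, GetFile.class));
    }
}
```

Save the file as `RestrictedProcessorGuard.java`, compile with `javac` and run with `java RestrictedProcessorGuard`. Two design points match the description: the gate is evaluated on both create and update (a user who cannot add GetFile must also be unable to reconfigure an existing one, otherwise the restriction is bypassed by editing an instance someone else placed), and the set of restricted types is derived from the annotation on the class so that a new processor author opts in by annotating rather than by editing a central list the policy check could drift away from.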


People

    • Assignee: mcgilman (Matt Gilman)
    • Reporter: alopresto (Andy LoPresto)
    • Votes: 1
    • Watchers: 8
