[ https://issues.apache.org/jira/browse/CASSANDRA-9402?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14638968#comment-14638968 ]
T Jake Luciani edited comment on CASSANDRA-9402 at 7/23/15 3:11 PM: -------------------------------------------------------------------- Overall, This is an improvement. We spoke offline and addressed a potential issue with user_function_timeout_policy. Since a Stop-the-world GC could happen during execution of the UDF. I'd like to get a professional opinion on this work, since I'm not convinced you couldn't, for example, access "/etc/passwd" via Nashorn (since nio is whitelisted). was (Author: tjake): Overall, This is an improvement. We spoke offline and addressed a potential issue with user_function_timeout_policy. Since a Stop-the-world GC could happen during execution of the UDF. I'd like to get a professional opinion on this work, since I'm not convinced you couldn't, for example, access "/etc/password" via Nashorn (since nio is whitelisted). > Implement proper sandboxing for UDFs > ------------------------------------ > > Key: CASSANDRA-9402 > URL: https://issues.apache.org/jira/browse/CASSANDRA-9402 > Project: Cassandra > Issue Type: Task > Reporter: T Jake Luciani > Assignee: Robert Stupp > Priority: Critical > Labels: docs-impacting, security > Fix For: 3.0 beta 1 > > Attachments: 9402-warning.txt > > > We want to avoid a security exploit for our users. We need to make sure we > ship 2.2 UDFs with good defaults so someone exposing it to the internet > accidentally doesn't open themselves up to having arbitrary code run. -- This message was sent by Atlassian JIRA (v6.3.4#6332)