[ https://issues.apache.org/jira/browse/CASSANDRA-9402?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14639494#comment-14639494 ]
Robert Stupp commented on CASSANDRA-9402: ----------------------------------------- Pushed another commit, that fixes the failing dtests. These failed because they (thankfully) only execute a JavaScript UDF (so unveiled a bug in this patch, if a JavaScript UDF is executed first). This commit also fixes the related issues and adds a separate utest to test that (only JavaScript UDFs). It also maintains restricted access to java.nio and java.net - but has to initialize the driver classes to ensure that. > Implement proper sandboxing for UDFs > ------------------------------------ > > Key: CASSANDRA-9402 > URL: https://issues.apache.org/jira/browse/CASSANDRA-9402 > Project: Cassandra > Issue Type: Task > Reporter: T Jake Luciani > Assignee: Robert Stupp > Priority: Critical > Labels: docs-impacting, security > Fix For: 3.0 beta 1 > > Attachments: 9402-warning.txt > > > We want to avoid a security exploit for our users. We need to make sure we > ship 2.2 UDFs with good defaults so someone exposing it to the internet > accidentally doesn't open themselves up to having arbitrary code run. -- This message was sent by Atlassian JIRA (v6.3.4#6332)