[
https://issues.apache.org/jira/browse/SENTRY-960?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15020304#comment-15020304
]
Lenni Kuff commented on SENTRY-960:
-----------------------------------
Thanks for posting both options Sravya. I think the whitelist approach is
safer, albeit a bit more invasive. I'm worried that with the blacklist approach
we might have an unexpected vulnerability in the future.
+1, but could you add a comment on what functions you are excluding from the
whitelist? Alternatively, you could emit both blacklist and whitelist
(blacklist takes precedence). This will help make it clear which functions we
want to protect against executing and which ones are safe.
> Sentry no longer enforces its whitelist
> ---------------------------------------
>
> Key: SENTRY-960
> URL: https://issues.apache.org/jira/browse/SENTRY-960
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
> Reporter: Ryan P
> Assignee: Sravya Tirukkovalur
> Attachments: SENTRY-960.10.patch, SENTRY-960.11.patch,
> SENTRY-960.2.patch, SENTRY-960.3.patch, SENTRY-960.4.patch,
> SENTRY-960.4.patch, SENTRY-960.5.patch, SENTRY-960.6.patch,
> SENTRY-960.7.patch, SENTRY-960.8.patch, SENTRY-960.9.patch, SENTRY-960.patch
>
>
> HiveSemanticAnalyzerHookContext no longer includes built-in functions as an
> input to its Read Entities. This change hides built-in functions from
> HiveAuthzBindingHook which is a huge security hole.
> Failing to enforce the whitelist will allow users to execute such functions
> as REFLECT and JAVA_METHOD.
> https://cwiki.apache.org/confluence/display/Hive/ReflectUDF
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
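The whitelist-versus-blacklist distinction discussed in the comment, as an added Python example that is not part of SENTRY-960 or of Sentry's own code: the allowed-function list, the regex-based call extraction and the sample queries are constructed for illustration, and only REFLECT and JAVA_METHOD come from the issue. It shows why a blacklist alone fails open for a function nobody has classified yet, while the whitelist fails closed, with the blacklist taking precedence in both modes.

```python
import re

# Constructed, illustrative lists for this example: they are not Sentry's
# actual UDF configuration. Names are compared case-insensitively.
WHITELIST = {"upper", "lower", "length", "concat", "count", "sum", "avg"}
# Functions that can call arbitrary Java (named in the issue); the blacklist
# always takes precedence over the whitelist.
BLACKLIST = {"reflect", "java_method"}

# SQL keywords that may be followed by "(" but are not function calls.
_NOT_FUNCTIONS = {"in", "not", "exists", "values", "and", "or", "on", "where",
                  "select", "from", "as", "over", "partition", "by"}
_CALL = re.compile(r"\b([a-z_][a-z0-9_]*)\s*\(", re.IGNORECASE)


def extract_functions(sql):
    """Return the lower-cased names of everything that looks like a call in sql.

    A naive stand-in for the function read entities the semantic analyzer hook
    should expose; a real hook would walk the parsed AST instead of regex-scanning.
    """
    return {m.group(1).lower() for m in _CALL.finditer(sql)} - _NOT_FUNCTIONS


def authorize(sql, mode="whitelist"):
    """Decide whether the query may run.

    mode="whitelist": deny anything not explicitly allowed (fails closed).
    mode="blacklist": deny only known-dangerous names (fails open for unknowns).
    Returns (allowed, sorted list of offending function names).
    """
    funcs = extract_functions(sql)
    blocked = funcs & BLACKLIST            # blacklist wins in both modes
    if mode == "whitelist":
        blocked |= funcs - WHITELIST       # unknown function == denied
    elif mode != "blacklist":
        raise ValueError("mode must be 'whitelist' or 'blacklist'")
    return (not blocked, sorted(blocked))


if __name__ == "__main__":
    queries = [
        "SELECT upper(name), count(*) FROM t WHERE id IN (1, 2)",
        "SELECT reflect('java.lang.String', 'valueOf', 1) FROM t",
        # A hypothetical future built-in that nobody has classified yet.
        "SELECT new_builtin(name) FROM t",
    ]
    for q in queries:
        for mode in ("whitelist", "blacklist"):
            print(f"{mode:9} {authorize(q, mode)} | {q}")
```

Only the whitelist mode rejects the unclassified `new_builtin`, which is the "unexpected vulnerability in the future" the comment is worried about.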