[jira] [Commented] (HIVE-8893) Implement whitelist for builtin UDFs to avoid untrused code execution in multiuser mode

Tue, 16 Dec 2014 06:17:43 -0800 

    [ 
https://issues.apache.org/jira/browse/HIVE-8893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14248272#comment-14248272
 ] 

Lefty Leverenz commented on HIVE-8893:
--------------------------------------

Doc issue:  [~prasadm], I noticed that you put 
*hive.server2.builtin.udf.whitelist* and *hive.server2.builtin.udf.blacklist* 
in the Configuration Properties doc after 
*hive.security.authorization.sqlstd.confwhitelist*, which is in the "SQL 
Standard Based Authorization" section.  Don't they belong in the "HiveServer2" 
section instead?  Or do they only apply to SQL standard-based authorization?

Wherever they go, I'll add links in the "Restricted List and Whitelist" 
subsection of "Authentication/Authorization" just like the link for 
*hive.security.authorization.sqlstd.confwhitelist*.  If you have better ideas 
about how to organize all these parameters, please let me know.

Quick reference:

* [hive.security.authorization.sqlstd.confwhitelist | 
https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.security.authorization.sqlstd.confwhitelist]
followed by hive.server2.builtin.udf.whitelist and 
hive.server2.builtin.udf.blacklist
* [HiveServer2 | 
https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-HiveServer2]
* [Restricted List and Whitelist | 
https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-RestrictedListandWhitelist]

> Implement whitelist for builtin UDFs to avoid untrused code execution in 
> multiuser mode
> ---------------------------------------------------------------------------------------
>
>                 Key: HIVE-8893
>                 URL: https://issues.apache.org/jira/browse/HIVE-8893
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization, HiveServer2, SQL
>    Affects Versions: 0.14.0
>            Reporter: Prasad Mujumdar
>            Assignee: Prasad Mujumdar
>             Fix For: 0.15.0
>
>         Attachments: HIVE-8893.3.patch, HIVE-8893.4.patch, HIVE-8893.5.patch, 
> HIVE-8893.6.patch
>
>
> The udfs like reflect() or java_method() enables executing a java method as 
> udf. While this offers lot of flexibility in the standalone mode, it can 
> become a security loophole in a secure multiuser environment. For example, in 
>  HiveServer2 one can execute any available java code with user hive's 
> credentials.
> We need a whitelist and blacklist to restrict builtin udfs in Hiveserver2.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to