[jira] [Commented] (HIVE-8893) Implement whitelist for builtin UDFs to avoid untrused code execution in multiuser mode

Prasad Mujumdar (JIRA) Thu, 20 Nov 2014 16:36:52 -0800

    [ 
https://issues.apache.org/jira/browse/HIVE-8893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14220307#comment-14220307
 ]


Prasad Mujumdar commented on HIVE-8893:
---------------------------------------

Documented the new properties on the wiki. Thanks [~szehon]!

> Implement whitelist for builtin UDFs to avoid untrused code execution in 
> multiuser mode
> ---------------------------------------------------------------------------------------
>
>                 Key: HIVE-8893
>                 URL: https://issues.apache.org/jira/browse/HIVE-8893
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization, HiveServer2, SQL
>    Affects Versions: 0.14.0
>            Reporter: Prasad Mujumdar
>            Assignee: Prasad Mujumdar
>              Labels: TODOC15
>             Fix For: 0.15.0
>
>         Attachments: HIVE-8893.3.patch, HIVE-8893.4.patch, HIVE-8893.5.patch, 
> HIVE-8893.6.patch
>
>
> The udfs like reflect() or java_method() enables executing a java method as 
> udf. While this offers lot of flexibility in the standalone mode, it can 
> become a security loophole in a secure multiuser environment. For example, in 
>  HiveServer2 one can execute any available java code with user hive's 
> credentials.
> We need a whitelist and blacklist to restrict builtin udfs in Hiveserver2.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (HIVE-8893) Implement whitelist for builtin UDFs to avoid untrused code execution in multiuser mode

Reply via email to