Aleksey Plekhanov created IGNITE-13300:
------------------------------------------
Summary: Ignite sandbox vulnerability allows to execute user code
in privileged proxy
Key: IGNITE-13300
URL: https://issues.apache.org/jira/browse/IGNITE-13300
Project: Ignite
Issue Type: Bug
Components: security
Affects Versions: 2.9
Reporter: Aleksey Plekhanov
Assignee: Aleksey Plekhanov
Ignite sandbox returns a privileged proxy for Ignite and some other system
interfaces. If the user implements one of these interfaces and gets via
privileged proxy an instance of implemented class, privileged proxy for user
class will be returned.
Reproducer:
{code:java}
public void testPrivelegedUserObject() throws Exception {
grid(CLNT_FORBIDDEN_WRITE_PROP).getOrCreateCache(DEFAULT_CACHE_NAME).put(0, new
TestIterator<>());
runForbiddenOperation(() ->
grid(CLNT_FORBIDDEN_WRITE_PROP).compute().run(() -> {
GridIterator<?> it =
(GridIterator<?>)Ignition.localIgnite().cache(DEFAULT_CACHE_NAME).get(0);
it.iterator();
}), AccessControlException.class);
}
public static class TestIterator<T> extends GridIterableAdapter<T> {
public TestIterator() {
super(Collections.emptyIterator());
}
@Override public GridIterator<T> iterator() {
controlAction();
return super.iterator();
}
}
{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
