[
https://issues.apache.org/jira/browse/HIVE-21033?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Szehon Ho updated HIVE-21033:
-----------------------------
Description:
We had a custom client that did not handle closing the operations, until the
end of the session. it is a mistake in the client, but it reveals kind of a
vulnerability in HiveServer2
This happens if you have a session with (1) HiveCommandOperation and (2)
SQLOperation and don't close them right after. For example a session that does
the operations (set a=b; select * from foobar; ).
When SQLOperation runs , it set SessionState.out and err to be System.out and
System.err . Ref:
[SQLOperation#setupSessionIO|https://github.com/apache/hive/blob/master/service/src/java/org/apache/hive/service/cli/operation/SQLOperation.java#L139]
Then the client closes the session, or disconnects. In this case, the Session
closes all the operations, starting with HiveCommandOperation. This one closes
all the streams, which is System.out and System.err as set by SQLOperation
earlier. Ref:
[HiveCommandOperation#tearDownSessionIO|https://github.com/apache/hive/blob/f37c5de6c32b9395d1b34fa3c02ed06d1bfbf6eb/service/src/java/org/apache/hive/service/cli/operation/HiveCommandOperation.java#L101]
After this, no more HiveServer2 output appears as System.out and System.err are
closed.
was:
We had a custom client that did not handle closing the operation or session on
the error case. But it may also happen for any client that just disconnects in
the middle of this operation.
This happens if you have a session with (1) HiveCommandOperation and (2)
SQLOperation and don't close them right after. For example a session that does
the operations (set a=b; select * from foobar; ).
When SQLOperation runs , it set SessionState.out and err to be System.out and
System.err . Ref:
[SQLOperation#setupSessionIO|https://github.com/apache/hive/blob/master/service/src/java/org/apache/hive/service/cli/operation/SQLOperation.java#L139]
Then the client closes the session, or disconnects. In this case, the Session
closes all the operations, starting with HiveCommandOperation. This one closes
all the streams, which is System.out and System.err as set by SQLOperation
earlier. Ref:
[HiveCommandOperation#tearDownSessionIO|https://github.com/apache/hive/blob/f37c5de6c32b9395d1b34fa3c02ed06d1bfbf6eb/service/src/java/org/apache/hive/service/cli/operation/HiveCommandOperation.java#L101]
After this, no more HiveServer2 output appears as System.out and System.err are
closed.
> Forgetting to close operation cuts off any more HiveServer2 output
> ------------------------------------------------------------------
>
> Key: HIVE-21033
> URL: https://issues.apache.org/jira/browse/HIVE-21033
> Project: Hive
> Issue Type: Bug
> Reporter: Szehon Ho
> Priority: Major
>
> We had a custom client that did not handle closing the operations, until the
> end of the session. it is a mistake in the client, but it reveals kind of a
> vulnerability in HiveServer2
> This happens if you have a session with (1) HiveCommandOperation and (2)
> SQLOperation and don't close them right after. For example a session that
> does the operations (set a=b; select * from foobar; ).
> When SQLOperation runs , it set SessionState.out and err to be System.out and
> System.err . Ref:
> [SQLOperation#setupSessionIO|https://github.com/apache/hive/blob/master/service/src/java/org/apache/hive/service/cli/operation/SQLOperation.java#L139]
> Then the client closes the session, or disconnects. In this case, the
> Session closes all the operations, starting with HiveCommandOperation. This
> one closes all the streams, which is System.out and System.err as set by
> SQLOperation earlier. Ref:
> [HiveCommandOperation#tearDownSessionIO|https://github.com/apache/hive/blob/f37c5de6c32b9395d1b34fa3c02ed06d1bfbf6eb/service/src/java/org/apache/hive/service/cli/operation/HiveCommandOperation.java#L101]
>
> After this, no more HiveServer2 output appears as System.out and System.err
> are closed.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
