[ https://issues.apache.org/jira/browse/NIFI-3050?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matt Gilman reassigned NIFI-3050: --------------------------------- Assignee: Matt Gilman (was: Andy LoPresto) > Restrict dangerous processors to special permission > --------------------------------------------------- > > Key: NIFI-3050 > URL: https://issues.apache.org/jira/browse/NIFI-3050 > Project: Apache NiFi > Issue Type: New Feature > Components: Core Framework > Affects Versions: 1.0.0 > Reporter: Andy LoPresto > Assignee: Matt Gilman > Priority: Blocker > Labels: security > Fix For: 1.1.0 > > > As evidenced by [NIFI-3045] and other discoveries (e.g. using an > {{ExecuteScript}} processor to iterate over a {{NiFiProperties}} instance > after the application has already decrypted the sensitive properties from the > {{nifi.properties}} file on disk, using a {{GetFile}} processor to retrieve > {{/etc/passwd}}, etc.) NiFi is a powerful tool which can allow unauthorized > users to perform malicious actions. While no tool as versatile as NiFi will > ever be completely immune to insider threat, to further restrict the > potential for abuse, certain processors should be designated as > {{restricted}}, and these processors can only be added to the canvas or > modified by users who, along with the proper permission to modify the canvas, > have a special permission to interact with these "dangerous" processors. > From the [Security Feature > Roadmap|https://cwiki.apache.org/confluence/display/NIFI/Security+Feature+Roadmap]: > {quote} > Dangerous Processors > * Processors which can directly affect behavior/configuration of NiFi/other > services > - {{GetFile}} > - {{PutFile}} > - {{ListFile}} > - {{FetchFile}} > - {{ExecuteScript}} > - {{InvokeScriptedProcessor}} > - {{ExecuteProcess}} > - {{ExecuteStreamCommand}} > * These processors should only be creatable/editable by users with special > access control policy > * Marked by {{@Restricted}} annotation on processor class > * All flowfiles originating/passing through these processors have special > attribute/protection > * Perhaps *File processors can access a certain location by default but > cannot access the root filesystem without special user permission? > {quote} > [~mcgilman] and I should have a PR for this tomorrow. -- This message was sent by Atlassian JIRA (v6.3.4#6332)