[ https://issues.apache.org/jira/browse/NIFI-3050?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15684639#comment-15684639 ]
ASF subversion and git services commented on NIFI-3050:
-------------------------------------------------------

Commit 7f5eabd603bfc326dadc35590bbe69304e8c90fa in nifi's branch refs/heads/master from [~mcgilman]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=7f5eabd ]

NIFI-3050: Implemented access control logic for restricted components.
- Addressing comments from PR.
- Adding restricted tags to relevant components.
- Showing a restricted icon overlay on the processor node on the canvas. (+1 squashed commit)
Squashed commits:
[f487682] NIFI-3050:
- Introducing a Restricted annotation for components that require elevated privileges to use.
- Updating the new Processor, Controller Service, and Reporting Task dialogs to include these details and prevent unauthorized selection.
- Including the Restricted description in the generated component documentation.
- Updating processor access control integration test to verify restricted component creation.
- Updating the developer, user, and admin guide to include the restricted component policy.

This closes #1247.

Signed-off-by: Andy LoPresto <alopre...@apache.org>


> Restrict dangerous processors to special permission
> ---------------------------------------------------
>
>                 Key: NIFI-3050
>                 URL: https://issues.apache.org/jira/browse/NIFI-3050
>             Project: Apache NiFi
>          Issue Type: New Feature
>          Components: Core Framework
>   Affects Versions: 1.0.0
>            Reporter: Andy LoPresto
>            Assignee: Matt Gilman
>            Priority: Blocker
>              Labels: security
>             Fix For: 1.1.0
>
>
> As evidenced by [NIFI-3045] and other discoveries (e.g. using an
> {{ExecuteScript}} processor to iterate over a {{NiFiProperties}} instance
> after the application has already decrypted the sensitive properties from the
> {{nifi.properties}} file on disk, using a {{GetFile}} processor to retrieve
> {{/etc/passwd}}, etc.) NiFi is a powerful tool which can allow unauthorized
> users to perform malicious actions. While no tool as versatile as NiFi will
> ever be completely immune to insider threat, to further restrict the
> potential for abuse, certain processors should be designated as
> {{restricted}}, and these processors can only be added to the canvas or
> modified by users who, along with the proper permission to modify the canvas,
> have a special permission to interact with these "dangerous" processors.
> From the [Security Feature
> Roadmap|https://cwiki.apache.org/confluence/display/NIFI/Security+Feature+Roadmap]:
> {quote}
> Dangerous Processors
> * Processors which can directly affect behavior/configuration of NiFi/other
> services
> - {{GetFile}}
> - {{PutFile}}
> - {{ListFile}}
> - {{FetchFile}}
> - {{ExecuteScript}}
> - {{InvokeScriptedProcessor}}
> - {{ExecuteProcess}}
> - {{ExecuteStreamCommand}}
> * These processors should only be creatable/editable by users with special
> access control policy
> * Marked by {{@Restricted}} annotation on processor class
> * All flowfiles originating/passing through these processors have special
> attribute/protection
> * Perhaps *File processors can access a certain location by default but
> cannot access the root filesystem without special user permission?
> {quote}
> [~mcgilman] and I should have a PR for this tomorrow.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)