[jira] [Updated] (HIVE-9473) sql std auth should disallow built-in udfs that allow any java methods to be called
[ https://issues.apache.org/jira/browse/HIVE-9473?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Brock Noland updated HIVE-9473: --- Fix Version/s: (was: 1.2.0) 1.1.0 Commited to 1.1.0, thx! > sql std auth should disallow built-in udfs that allow any java methods to be > called > --- > > Key: HIVE-9473 > URL: https://issues.apache.org/jira/browse/HIVE-9473 > Project: Hive > Issue Type: Bug > Components: Authorization, SQLStandardAuthorization >Reporter: Thejas M Nair >Assignee: Thejas M Nair > Fix For: 1.0.0, 1.1.0 > > Attachments: HIVE-9473.1.patch > > > As mentioned in HIVE-8893, some udfs can be used to execute arbitrary java > methods. This should be disallowed when sql standard authorization is used. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HIVE-9473) sql std auth should disallow built-in udfs that allow any java methods to be called
[ https://issues.apache.org/jira/browse/HIVE-9473?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Thejas M Nair updated HIVE-9473: Fix Version/s: 1.2.0 1.0.0 > sql std auth should disallow built-in udfs that allow any java methods to be > called > --- > > Key: HIVE-9473 > URL: https://issues.apache.org/jira/browse/HIVE-9473 > Project: Hive > Issue Type: Bug > Components: Authorization, SQLStandardAuthorization >Reporter: Thejas M Nair >Assignee: Thejas M Nair > Fix For: 1.0.0, 1.2.0 > > Attachments: HIVE-9473.1.patch > > > As mentioned in HIVE-8893, some udfs can be used to execute arbitrary java > methods. This should be disallowed when sql standard authorization is used. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HIVE-9473) sql std auth should disallow built-in udfs that allow any java methods to be called
[ https://issues.apache.org/jira/browse/HIVE-9473?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Thejas M Nair updated HIVE-9473: Resolution: Fixed Status: Resolved (was: Patch Available) Patch committed to 1.0 branch and trunk. [~brocknoland] Can you please merge this into branch-1.1 ? > sql std auth should disallow built-in udfs that allow any java methods to be > called > --- > > Key: HIVE-9473 > URL: https://issues.apache.org/jira/browse/HIVE-9473 > Project: Hive > Issue Type: Bug > Components: Authorization, SQLStandardAuthorization >Reporter: Thejas M Nair >Assignee: Thejas M Nair > Attachments: HIVE-9473.1.patch > > > As mentioned in HIVE-8893, some udfs can be used to execute arbitrary java > methods. This should be disallowed when sql standard authorization is used. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HIVE-9473) sql std auth should disallow built-in udfs that allow any java methods to be called
[ https://issues.apache.org/jira/browse/HIVE-9473?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Thejas M Nair updated HIVE-9473: Status: Patch Available (was: Open) > sql std auth should disallow built-in udfs that allow any java methods to be > called > --- > > Key: HIVE-9473 > URL: https://issues.apache.org/jira/browse/HIVE-9473 > Project: Hive > Issue Type: Bug > Components: Authorization, SQLStandardAuthorization >Reporter: Thejas M Nair >Assignee: Thejas M Nair > Attachments: HIVE-9473.1.patch > > > As mentioned in HIVE-8893, some udfs can be used to execute arbitrary java > methods. This should be disallowed when sql standard authorization is used. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HIVE-9473) sql std auth should disallow built-in udfs that allow any java methods to be called
[ https://issues.apache.org/jira/browse/HIVE-9473?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Thejas M Nair updated HIVE-9473: Release Note: SQL Standard authorization will disable the udfs reflect, reflect2 and java_method by automatically setting the udf blacklist config parameter (hive.server2.builtin.udf.blacklist). However, if HiveServer2 admin chooses to set the config param to a specific value, it will not be altered. Adding release notes for doc input. > sql std auth should disallow built-in udfs that allow any java methods to be > called > --- > > Key: HIVE-9473 > URL: https://issues.apache.org/jira/browse/HIVE-9473 > Project: Hive > Issue Type: Bug > Components: Authorization, SQLStandardAuthorization >Reporter: Thejas M Nair >Assignee: Thejas M Nair > Attachments: HIVE-9473.1.patch > > > As mentioned in HIVE-8893, some udfs can be used to execute arbitrary java > methods. This should be disallowed when sql standard authorization is used. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HIVE-9473) sql std auth should disallow built-in udfs that allow any java methods to be called
[ https://issues.apache.org/jira/browse/HIVE-9473?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Thejas M Nair updated HIVE-9473: Attachment: HIVE-9473.1.patch > sql std auth should disallow built-in udfs that allow any java methods to be > called > --- > > Key: HIVE-9473 > URL: https://issues.apache.org/jira/browse/HIVE-9473 > Project: Hive > Issue Type: Bug > Components: Authorization, SQLStandardAuthorization >Reporter: Thejas M Nair >Assignee: Thejas M Nair > Attachments: HIVE-9473.1.patch > > > As mentioned in HIVE-8893, some udfs can be used to execute arbitrary java > methods. This should be disallowed when sql standard authorization is used. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
