[ https://issues.apache.org/jira/browse/CASSANDRA-9402?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14623733#comment-14623733 ]

Robert Stupp commented on CASSANDRA-9402:
-----------------------------------------

For threads it would work (and it's in the branch).
I'm 99% sure that sockets and files have pretty good protection via 
SecurityManager - so g2g for java.*
The reason why I've added such "class usage prevention" is the C* code base and 
the libraries.
And since that was already in place, I also restricted access to "dangerous" 
java(x).* classes.

I also tried to implement a completely separate class loader hierarchy (so one 
for C* core and one for Java UDFs just with the Java UDFs and the supporting 
Java Driver classes). But it just did not work due to indirect class references 
by the Java Driver itself. Modifying the Java Driver and possibly restricting 
its future development for sandboxing felt somewhat ugly.

> Implement proper sandboxing for UDFs
> ------------------------------------
>
>                 Key: CASSANDRA-9402
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9402
>             Project: Cassandra
>          Issue Type: Task
>            Reporter: T Jake Luciani
>            Assignee: Robert Stupp
>            Priority: Critical
>              Labels: docs-impacting, security
>             Fix For: 3.0 beta 1
>
>         Attachments: 9402-warning.txt
>
>
> We want to avoid a security exploit for our users.  We need to make sure we 
> ship 2.2 UDFs with good defaults so someone exposing it to the internet 
> accidentally doesn't open themselves up to having arbitrary code run.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

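The two mechanisms the comment describes, a SecurityManager that denies sockets and files while UDF code runs and a "class usage prevention" list for dangerous java(x).* classes, can be sketched as follows. This is an added example written for this page, not Cassandra's own sandbox code: the class name, the thread-local flag, the prefix list and the sample UDF bodies are all illustrative assumptions. It compiles on JDK 11 and 17 (17 prints a deprecation warning); on JDK 18 to 23 it must be started with -Djava.security.manager=allow, and from JDK 24 the SecurityManager is permanently disabled, so this mechanism is no longer available there.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;
import java.util.List;
import java.util.concurrent.Callable;

// Added example, not Cassandra's own sandbox: restrict what a UDF can do by
// (1) a SecurityManager that denies file, socket, exec and exit permissions
//     only while the current thread is executing a UDF, and
// (2) a class-name denylist applied to the classes a UDF body references.
// The prefix list and all names here are illustrative assumptions.
public final class UdfSandboxDemo {

    // Set while a UDF runs on this thread; engine code stays unrestricted.
    private static final ThreadLocal<Boolean> IN_UDF = ThreadLocal.withInitial(() -> false);

    // Illustrative "dangerous" java(x).* prefixes a UDF may not reference.
    // Thread creation is on the list because the permission filter below does
    // not see plain new Thread(): the default check only guards the root group.
    static final List<String> DENIED_CLASS_PREFIXES = List.of(
            "java.lang.reflect.", "java.lang.ProcessBuilder", "java.lang.Runtime",
            "java.lang.ClassLoader", "java.lang.Thread", "java.util.concurrent.",
            "java.io.", "java.nio.", "java.net.", "javax.management.",
            "javax.script.", "sun.", "jdk.internal.");

    static final class UdfSecurityManager extends SecurityManager {
        @Override
        public void checkPermission(Permission perm) {
            if (!IN_UDF.get()) {
                return;                               // not inside a UDF: no restriction
            }
            boolean denied =
                    perm instanceof FilePermission    // file read/write and command execute
                 || perm instanceof SocketPermission  // connect/listen/accept/resolve
                 || (perm instanceof RuntimePermission
                     && (perm.getName().startsWith("exitVM")
                      || perm.getName().equals("createClassLoader")
                      || perm.getName().equals("setSecurityManager")
                      || perm.getName().equals("setContextClassLoader")));
            if (denied) {
                throw new SecurityException("UDF denied " + perm);
            }
        }

        @Override
        public void checkPermission(Permission perm, Object context) {
            checkPermission(perm);
        }
    }

    // Run one UDF invocation with the restrictions switched on for this thread.
    static <T> T runSandboxed(Callable<T> udf) throws Exception {
        IN_UDF.set(true);
        try {
            return udf.call();
        } finally {
            IN_UDF.set(false);
        }
    }

    // Check a class name the UDF source references against the denylist.
    static void checkClassAllowed(String className) {
        for (String prefix : DENIED_CLASS_PREFIXES) {
            if (className.startsWith(prefix)) {
                throw new SecurityException("UDF may not use " + className);
            }
        }
    }

    // Helper: run a sample UDF body and report whether the sandbox blocked it.
    private static void attempt(String label, Callable<?> udf) {
        try {
            Object result = runSandboxed(udf);
            System.out.println(label + ": allowed, result=" + result);
        } catch (SecurityException e) {
            System.out.println(label + ": blocked (" + e.getMessage() + ")");
        } catch (Exception e) {
            System.out.println(label + ": failed for another reason: " + e);
        }
    }

    public static void main(String[] args) {
        // JDK 18-23: needs -Djava.security.manager=allow, otherwise this throws.
        System.setSecurityManager(new UdfSecurityManager());

        attempt("pure computation", () -> 21 * 2);
        attempt("read /etc/passwd", () -> new java.io.FileInputStream("/etc/passwd").read());
        attempt("tcp connect", () -> new java.net.Socket("127.0.0.1", 9).isConnected());
        attempt("spawn process", () -> new ProcessBuilder("id").start().pid());
        attempt("System.exit", () -> { System.exit(1); return null; });

        try {
            checkClassAllowed("java.lang.reflect.Method");
        } catch (SecurityException e) {
            System.out.println("source check: " + e.getMessage());
        }
    }
}
```

Two points worth noticing when reading it against the comment. First, the override of checkPermission never calls super, so the engine's own code runs with no policy at all and the restriction is purely the per-thread flag; that is what makes sockets and files "g2g for java.*" without touching the C* code base or its libraries. Second, the flag is per thread, so anything that lets UDF code start or reuse another thread escapes the filter entirely, which is why the class-name denylist (the second mechanism) has to cover threads and executors rather than relying on the permission checks alone.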