Craig Condit created HIVE-22150:
-----------------------------------

Summary: HS2 allows setting system properties
Key: HIVE-22150
URL: https://issues.apache.org/jira/browse/HIVE-22150
Project: Hive
Issue Type: Bug
Components: HiveServer2
Affects Versions: 3.1.1
Reporter: Craig Condit
HiveServer2 currently allows setting system properties, which is a problem when used in a multi-user environment. Connecting via beeline and executing the following demonstrates the issue:

{noformat}
0: jdbc:hive2://serv1000.example.com:2181,serv> SET system:java.io.tmpdir;
+-----------------------------+
|             set             |
+-----------------------------+
| system:java.io.tmpdir=/tmp  |
+-----------------------------+
1 row selected (0.018 seconds)
0: jdbc:hive2://serv1000.example.com:2181,serv> SET system:java.io.tmpdir=/tmp/attacker-dir;
No rows affected (0.013 seconds)
0: jdbc:hive2://serv1000.example.com:2181,serv> SET system:java.io.tmpdir;
+------------------------------------------+
|                   set                    |
+------------------------------------------+
| system:java.io.tmpdir=/tmp/attacker-dir  |
+------------------------------------------+
1 row selected (0.019 seconds)
{noformat}

Any changes persist until HS2 is restarted, and affect all connected users. At the very least, this is a denial-of-service vector (verified by setting line.separator to a random string).

--
This message was sent by Atlassian Jira
(v8.3.2#803003)
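The core of the problem above is that a per-session SET statement can reach the JVM-wide `system:` namespace, so one user's write is visible to every other session until the server restarts. The following is an added example, not code from the ticket or from the Hive project: a small pre-execution guard that parses Hive-style SET statements, lets reads and writes to session-scoped namespaces through, and refuses writes to `system:` unless the property is on an explicit allowlist. It also shows how the same check can be run over a session's statement history for auditing. The SET grammar it assumes (bare `SET`, `SET -v`, `SET key`, `SET key=value`, with optional `system:`, `env:`, `hiveconf:`, `hivevar:`, `metaconf:` prefixes) and the sample statements are assumptions and constructed inputs, not taken from the ticket.

```python
"""Guard against JVM-wide `system:` writes in Hive-style SET statements.

Added example, not Hive's own code. The SET syntax below is an assumption:
    SET                 -> list all variables
    SET -v              -> verbose listing
    SET <key>           -> read one variable
    SET <key>=<value>   -> write one variable
with an optional namespace prefix such as system:, hiveconf:, hivevar:.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Namespace prefixes recognised in front of a key (assumed, not from the ticket).
NAMESPACES = ("system", "env", "hiveconf", "hivevar", "metaconf")

# Tolerates leading/trailing whitespace and an optional trailing ';' as beeline sends it.
SET_RE = re.compile(r"^\s*set\b\s*(?P<rest>.*?)\s*;?\s*$", re.IGNORECASE | re.DOTALL)

# System properties a session may legitimately write. Empty by default: with the
# reported behaviour, any entry here is shared by every connected user.
SYSTEM_WRITE_ALLOWLIST = frozenset()


@dataclass(frozen=True)
class SetRequest:
    namespace: Optional[str]   # e.g. "system", or None for an unprefixed key
    key: str
    value: Optional[str]       # None means the statement only reads the key

    @property
    def is_write(self) -> bool:
        return self.value is not None


def parse_set(statement: str) -> Optional[SetRequest]:
    """Return a SetRequest for a read/write SET statement, or None for non-SET
    statements and pure listings (`SET`, `SET -v`)."""
    m = SET_RE.match(statement)
    if not m:
        return None
    rest = m.group("rest")
    if rest == "" or rest == "-v":
        return None
    # Split on the first '=' only, so values containing '=' survive intact.
    key, sep, value = rest.partition("=")
    key = key.strip()
    namespace = None
    prefix, colon, tail = key.partition(":")
    if colon and prefix.lower() in NAMESPACES:
        namespace, key = prefix.lower(), tail
    return SetRequest(namespace, key, value.strip() if sep else None)


def check_set(statement: str, allowlist=SYSTEM_WRITE_ALLOWLIST) -> Tuple[bool, str]:
    """Decide whether a statement may run. Returns (allowed, reason)."""
    req = parse_set(statement)
    if req is None:
        return True, "not a SET statement, or listing only"
    if req.namespace == "system" and req.is_write and req.key not in allowlist:
        # This is the case from the ticket: the write would outlive the session
        # and change behaviour for every other user of the same HS2 instance.
        return False, f"refusing JVM-wide write to system:{req.key}"
    return True, "ok"


def scan_statements(statements: Iterable[str], allowlist=SYSTEM_WRITE_ALLOWLIST) -> List[str]:
    """Audit helper: return the statements that the guard would have refused."""
    return [s for s in statements if not check_set(s, allowlist)[0]]


if __name__ == "__main__":
    # Constructed session history; the second and fourth lines mirror the ticket's repro.
    history = [
        "SET system:java.io.tmpdir;",
        "SET system:java.io.tmpdir=/tmp/attacker-dir;",
        "SET hiveconf:hive.exec.parallel=true;",
        "set system:line.separator=xyz",
        "SELECT 1;",
    ]
    for s in scan_statements(history):
        print("refused:", s, "->", check_set(s)[1])
```

The guard only interprets the statement text; it never touches `System.setProperty` itself, so it can sit in front of whatever component actually applies the setting. Reads of `system:` keys are left alone here because the ticket's concern is the cross-session write; tightening reads is a separate policy decision.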