[jira] [Commented] (HIVE-8893) Implement whitelist for builtin UDFs to avoid untrused code execution in multiuser mode

Hive QA (JIRA) Tue, 18 Nov 2014 02:46:26 -0800

    [ 
https://issues.apache.org/jira/browse/HIVE-8893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14216052#comment-14216052
 ]


Hive QA commented on HIVE-8893:
-------------------------------



{color:red}Overall{color}: -1 at least one tests failed

Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12682121/HIVE-8893.5.patch

{color:red}ERROR:{color} -1 due to 1 failed/errored test(s), 6650 tests executed
*Failed tests:*
{noformat}
org.apache.hadoop.hive.cli.TestMiniTezCliDriver.testCliDriver_optimize_nullscan
{noformat}

Test results: 
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/1833/testReport
Console output: 
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/1833/console
Test logs: 
http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-1833/

Messages:
{noformat}
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 1 tests failed
{noformat}

This message is automatically generated.

ATTACHMENT ID: 12682121 - PreCommit-HIVE-TRUNK-Build

> Implement whitelist for builtin UDFs to avoid untrused code execution in 
> multiuser mode
> ---------------------------------------------------------------------------------------
>
>                 Key: HIVE-8893
>                 URL: https://issues.apache.org/jira/browse/HIVE-8893
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization, HiveServer2, SQL
>    Affects Versions: 0.14.0
>            Reporter: Prasad Mujumdar
>            Assignee: Prasad Mujumdar
>             Fix For: 0.15.0
>
>         Attachments: HIVE-8893.3.patch, HIVE-8893.4.patch, HIVE-8893.5.patch
>
>
> The udfs like reflect() or java_method() enables executing a java method as 
> udf. While this offers lot of flexibility in the standalone mode, it can 
> become a security loophole in a secure multiuser environment. For example, in 
>  HiveServer2 one can execute any available java code with user hive's 
> credentials.
> We need a whitelist and blacklist to restrict builtin udfs in Hiveserver2.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (HIVE-8893) Implement whitelist for builtin UDFs to avoid untrused code execution in multiuser mode

Reply via email to