[ https://issues.apache.org/jira/browse/HIVE-8893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14216052#comment-14216052 ]
Hive QA commented on HIVE-8893: ------------------------------- {color:red}Overall{color}: -1 at least one tests failed Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12682121/HIVE-8893.5.patch {color:red}ERROR:{color} -1 due to 1 failed/errored test(s), 6650 tests executed *Failed tests:* {noformat} org.apache.hadoop.hive.cli.TestMiniTezCliDriver.testCliDriver_optimize_nullscan {noformat} Test results: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/1833/testReport Console output: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/1833/console Test logs: http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-1833/ Messages: {noformat} Executing org.apache.hive.ptest.execution.PrepPhase Executing org.apache.hive.ptest.execution.ExecutionPhase Executing org.apache.hive.ptest.execution.ReportingPhase Tests exited with: TestsFailedException: 1 tests failed {noformat} This message is automatically generated. ATTACHMENT ID: 12682121 - PreCommit-HIVE-TRUNK-Build > Implement whitelist for builtin UDFs to avoid untrused code execution in > multiuser mode > --------------------------------------------------------------------------------------- > > Key: HIVE-8893 > URL: https://issues.apache.org/jira/browse/HIVE-8893 > Project: Hive > Issue Type: Bug > Components: Authorization, HiveServer2, SQL > Affects Versions: 0.14.0 > Reporter: Prasad Mujumdar > Assignee: Prasad Mujumdar > Fix For: 0.15.0 > > Attachments: HIVE-8893.3.patch, HIVE-8893.4.patch, HIVE-8893.5.patch > > > The udfs like reflect() or java_method() enables executing a java method as > udf. While this offers lot of flexibility in the standalone mode, it can > become a security loophole in a secure multiuser environment. For example, in > HiveServer2 one can execute any available java code with user hive's > credentials. > We need a whitelist and blacklist to restrict builtin udfs in Hiveserver2. -- This message was sent by Atlassian JIRA (v6.3.4#6332)