[
https://issues.apache.org/jira/browse/HIVE-20644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16630115#comment-16630115
]
ASF GitHub Bot commented on HIVE-20644:
---------------------------------------
GitHub user ashutosh-bapat opened a pull request:
https://github.com/apache/hive/pull/439
HIVE-20644: Avoid exposing sensitive infomation through a Hive Runtime
exception (Ashutosh Bapat)
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/ashutosh-bapat/hive hive20644
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/hive/pull/439.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #439
----
commit f5c4b22ebbfc4893b2aa436d9ea9b4241f04340b
Author: Ashutosh Bapat <ashutosh.bapat.oss@...>
Date: 2018-09-27T05:51:52Z
HIVE-20644: Avoid exposing sensitive infomation through a Hive Runtime
exception (Ashutosh Bapat)
----
> Avoid exposing sensitive infomation through a Hive Runtime exception
> --------------------------------------------------------------------
>
> Key: HIVE-20644
> URL: https://issues.apache.org/jira/browse/HIVE-20644
> Project: Hive
> Issue Type: Improvement
> Components: HiveServer2
> Reporter: Ashutosh Bapat
> Assignee: Ashutosh Bapat
> Priority: Minor
> Labels: pull-request-available
>
> The HiveException raised from the following methods is exposing the datarow
> the caused the run time exception.
> # ReduceRecordSource::GroupIterator::next() - around line 372
> # MapOperator::process() - around line 567
> # ExecReducer::reduce() - around line 243
> In all the cases, a string representation of the row is constructed on the
> fly and is included in
> the error message.
> VectorMapOperator::process() - around line 973 raises the same exception but
> it's not exposing the row since the row contents are not included in the
> error message.
> While trying to reproduce above error, I also found that the arguments to a
> UDF get exposed in log messages from FunctionRegistry::invoke() around line
> 1114. This too can cause sensitive information to be leaked through error
> message.
> This way some sensitive information is leaked to a user through exception
> message. That information may not be available to the user otherwise. Hence
> it's a kind of security breach or violation of access control.
> The contents of the row or the arguments to a function may be useful for
> debugging and hence it's worth to add those to logs. Hence proposal here to
> log a separate message with log level DEBUG or INFO containing the string
> representation of the row. Users can configure their logging so that
> DEBUG/INFO messages do not go to the client but at the same time are
> available in the hive server logs for debugging. The actual exception message
> will not contain any sensitive data like row data or argument data.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
