[jira] [Commented] (HIVE-21584) Java 11 preparation: system class loader is not URLClassLoader

Wed, 10 Apr 2019 02:53:17 -0700 


    [ 
https://issues.apache.org/jira/browse/HIVE-21584?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16814274#comment-16814274
 ] 

Zoltan Matyus commented on HIVE-21584:
--------------------------------------

bq. org.apache.hadoop.hive.ql.exec.Utilities.createUDFClassLoader(ClassLoader, 
String[]) creates a org.apache.hadoop.hive.ql.exec.UDFClassLoader classloader, 
which should be performed within a doPrivileged block At 
Utilities.java:classloader, which should be performed within a doPrivileged 
block At Utilities.java:[line 2126]
Creating class loader is not new functionality, but now that I modified the 
code, FindBugs complains. This could be solved fairly easily, by hiding the 
{{AccessController.doPrivileged}} call in the CreateUDFClassLoader method. 
However, Oracle [strongly 
recommends|https://docs.oracle.com/javase/8/docs/technotes/guides/security/doprivileged.html]
 not to do this:
bq. Do not be tempted to write a utility class that itself calls doPrivileged 
as that could lead to security holes. You can write utility classes for 
PrivilegedAction classes though, as shown in the preceding example.
I followed this approach, which meant a small change at each caller's location. 
Also, I merged the addToClassPath and the createNewClassLoader functionality 
into an AddToClassPath action with a forceNewClassLoader flag...

> Java 11 preparation: system class loader is not URLClassLoader
> --------------------------------------------------------------
>
>                 Key: HIVE-21584
>                 URL: https://issues.apache.org/jira/browse/HIVE-21584
>             Project: Hive
>          Issue Type: Task
>          Components: Hive
>    Affects Versions: 4.0.0
>            Reporter: Zoltan Matyus
>            Assignee: Zoltan Matyus
>            Priority: Major
>         Attachments: HIVE-21584.01.patch, HIVE-21584.02.patch
>
>
> Currently, Hive assumes that the system class loader is instance of 
> {{URLClassLoader}}. In Java 11 this is not the case. There are a few 
> (unresolved) JIRAs about specific occurrences of {{URLClassLoader}} (e.g. 
> [HIVE-21237|https://issues.apache.org/jira/browse/HIVE-21237], 
> [HIVE-17909|https://issues.apache.org/jira/browse/HIVE-17909]), but no 
> _"remove all occurrences"_. Also I couldn't find umbrella "Java 11 upgrade" 
> JIRA.
> This ticket is to remove all unconditional casts of any random class loader 
> to {{URLClassLoader}}.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to