[ https://issues.apache.org/jira/browse/HIVE-14889?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergio Peña updated HIVE-14889: ------------------------------- Resolution: Fixed Fix Version/s: 2.1.1 2.2.0 Status: Resolved (was: Patch Available) Thanks [~vihangk1]. I committed the patch to master and branch-2.1 > Beeline leaks sensitive environment variables of HiveServer2 when you type > set; > ------------------------------------------------------------------------------- > > Key: HIVE-14889 > URL: https://issues.apache.org/jira/browse/HIVE-14889 > Project: Hive > Issue Type: Bug > Components: Beeline > Reporter: Vihang Karajgaonkar > Assignee: Vihang Karajgaonkar > Fix For: 2.2.0, 2.1.1 > > Attachments: HIVE-14889.1.patch, HIVE-14889.2.patch > > > When you type set; beeline prints all the environment variables including > passwords which could be major security risk. Eg: HADOOP_CREDENTIAL_PASSWORD > below is leaked. > {noformat} > | env:HADOOP_CREDSTORE_PASSWORD=password | > | env:HADOOP_DATANODE_OPTS=-Dhadoop.security.logger=ERROR,RFAS | > | env:HADOOP_HOME_WARN_SUPPRESS=true | > | env:HADOOP_IDENT_STRING=vihang | > | env:HADOOP_PID_DIR= | > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)