[ https://issues.apache.org/jira/browse/IGNITE-13300?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aleksey Plekhanov resolved IGNITE-13300.
----------------------------------------
    Fix Version/s: 2.9
       Resolution: Fixed

[~garus.d.g], thanks for the review! Merged to master, cherry-picked to 2.9.

> Ignite sandbox vulnerability allows to execute user code in privileged proxy
> ----------------------------------------------------------------------------
>
>                 Key: IGNITE-13300
>                 URL: https://issues.apache.org/jira/browse/IGNITE-13300
>             Project: Ignite
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.9
>            Reporter: Aleksey Plekhanov
>            Assignee: Aleksey Plekhanov
>            Priority: Critical
>              Labels: iep-38, sandbox
>             Fix For: 2.9
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Ignite sandbox returns a privileged proxy for Ignite and some other system
> interfaces. If the user implements one of these interfaces and gets via
> privileged proxy an instance of implemented class, privileged proxy for user
> class will be returned.
> Reproducer:
> {code:java}
> public class PrivilegedProxyTest extends AbstractSandboxTest {
>     public void testPrivelegedUserObject() throws Exception {
>         grid(CLNT_FORBIDDEN_WRITE_PROP).getOrCreateCache(DEFAULT_CACHE_NAME).put(0, new TestIterator<>());
>
>         runForbiddenOperation(() -> grid(CLNT_FORBIDDEN_WRITE_PROP).compute().run(() -> {
>             GridIterator<?> it = (GridIterator<?>)Ignition.localIgnite().cache(DEFAULT_CACHE_NAME).get(0);
>
>             it.iterator();
>         }), AccessControlException.class);
>     }
>
>     public static class TestIterator<T> extends GridIterableAdapter<T> {
>         public TestIterator() {
>             super(Collections.emptyIterator());
>         }
>
>         @Override public GridIterator<T> iterator() {
>             controlAction();
>
>             return super.iterator();
>         }
>     }
> }
> {code}

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
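
The wrapping rule described in the issue, as an added Java sketch that is not Ignite's code or its actual fix: a result returned through a privileged proxy is re-wrapped by interface alone (naive) versus only when its class is platform-shipped (hardened). The `PRIVILEGED` flag stands in for real privilege elevation; every class name and the allow-list are hypothetical.

```java
import java.lang.reflect.*;
import java.util.*;

// Added illustration: a simplified model, not Apache Ignite code. All names are hypothetical.
public class PrivilegedProxyDemo {
    // Stand-in for "currently executing with elevated privileges".
    static final ThreadLocal<Boolean> PRIVILEGED = ThreadLocal.withInitial(() -> false);

    interface Store { Object get(); }   // system interface that the sandbox proxies
    interface Handle { String use(); }  // another proxied system interface

    // Trusted implementation shipped with the platform.
    static final class SystemStore implements Store {
        private final Object val;
        SystemStore(Object val) { this.val = val; }
        public Object get() { return val; }
    }

    // User-supplied class that implements a proxied system interface.
    static final class UserHandle implements Handle {
        public String use() { return PRIVILEGED.get() ? "privileged" : "sandboxed"; }
    }

    static final Set<Class<?>> PROXIED = Set.of(Store.class, Handle.class);
    static final Set<Class<?>> TRUSTED_IMPLS = Set.of(SystemStore.class); // assumption: allow-list

    static Object wrap(Object target, boolean checkTrust) {
        Class<?>[] ifaces = target.getClass().getInterfaces();
        boolean proxied = Arrays.stream(ifaces).anyMatch(PROXIED::contains);
        // Hardened rule: never elevate an object whose class the platform did not ship.
        if (!proxied || (checkTrust && !TRUSTED_IMPLS.contains(target.getClass())))
            return target;
        InvocationHandler h = (proxy, method, args) -> {
            boolean prev = PRIVILEGED.get();
            PRIVILEGED.set(true);
            try {
                Object res = method.invoke(target, args);
                return res == null ? null : wrap(res, checkTrust); // results get wrapped too
            } catch (InvocationTargetException e) { throw e.getCause(); }
            finally { PRIVILEGED.set(prev); }
        };
        return Proxy.newProxyInstance(target.getClass().getClassLoader(), ifaces, h);
    }

    // A user object stored in a system container is fetched back through the proxy and invoked.
    static String run(boolean checkTrust) {
        Store store = (Store) wrap(new SystemStore(new UserHandle()), checkTrust);
        return ((Handle) store.get()).use();
    }

    public static void main(String[] args) {
        System.out.println("naive: " + run(false) + " | hardened: " + run(true));
    }
}
```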