[
https://issues.apache.org/jira/browse/NIFI-9937?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17524557#comment-17524557
]
Mike R edited comment on NIFI-9937 at 4/19/22 7:24 PM:
-------------------------------------------------------
[~exceptionfactory] Thanks for the explanation. I could see than an attacker or
someone who is new to or learning NiFi accidentally deleting the NiFi
configuration files and then not having a method or way to restore the NiFi
instances. Even if there were a way to have a notification to be like, "User
David is trying to run GetFile against the NiFi config, which will delete the
files, are you sure of this?" and if they clicked yes, then have NiFi save a
backup just in case the files are deleted.
I am not trying to say that users shouldnt be able to delete the config files,
but I am saying that there should be a way to prevent mistakes from deleting
the configs.
I understand that there are legitimate use cases for not doing this as there
are performance considerations, but the worst case scenario is that an attacker
can get the NiFi config files, delete them, and then send the data to
/dev/null, which would overwrite the NiFi config files for the organization If
done, the org running NiFi would then have to completely rebuild their NiFi
configs, which could take a few hours.
was (Author: JIRAUSER287407):
[~exceptionfactory] Thanks for the explanation. I could see than an attacker or
someone who is new to or learning NiFi accidentally deleting the NiFi
configuration files and then not having a method or way to restore the NiFi
instances. Even if there were a way to have a notification to be like, "User
David is trying to run GetFile against the NiFi config, which will delete the
files, are you sure of this?" and if they clicked yes, then have NiFi save a
backup.
I understand that there are legitimate use cases for not doing this as there
are performance considerations, but the worst case scenario is that an attacker
can get the NiFi config files, delete them, and then send the data to
/dev/null, which would overwrite the NiFi config files for the organization If
done, the org running NiFi would then have to completely rebuild their NiFi
configs, which could take a few hours.
> Prevent NiFi From Deleting Its Own Configuration Files
> ------------------------------------------------------
>
> Key: NIFI-9937
> URL: https://issues.apache.org/jira/browse/NIFI-9937
> Project: Apache NiFi
> Issue Type: Improvement
> Affects Versions: 1.16.0, 1.15.3, 1.16.1
> Environment: Linux and Windows
> Reporter: Mike R
> Priority: Major
>
> There should be a way for NiFi to be unable to delete the files in the .conf
> directory using the GetFile Processor.
> This is meant as a way to prevent unintended deletion of the files in the
> directory by administrators and prevent attackers from using the GetFile
> processor to delete files in the directory.
> One way to do this would be accomplished is by changing the GetFile Processor
> to not delete any file from the .conf directory, regardless of the user
> selection. Another way is to change the permissions of the directory. Any
> solutions are welcome, but this should be resolved.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
