[ https://issues.apache.org/jira/browse/NIFI-3050?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15677790#comment-15677790 ]

ASF GitHub Bot commented on NIFI-3050:
--------------------------------------

GitHub user mcgilman opened a pull request:

    https://github.com/apache/nifi/pull/1247

    Introducing restricted components which require additional access

    NIFI-3050:
    - Introducing a Restricted annotation for components that require elevated privileges to use.
    - Updating the new Processor, Controller Service, and Reporting Task dialogs to include these details and prevent unauthorized selection.
    - Including the Restricted description in the generated component documentation.
    - Updating processor access control integration test to verify restricted component creation.
    - Updating the developer, user, and admin guide to include the restricted component policy.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/mcgilman/nifi NIFI-3050

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/nifi/pull/1247.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1247
    
----
commit 890c42bb79d9b57ce7ed3e4d547337d76e741bc1
Author: Matt Gilman <[email protected]>
Date:   2016-11-18T21:19:04Z

    NIFI-3050:
    - Introducing a Restricted annotation for components that require elevated privileges to use.
    - Updating the new Processor, Controller Service, and Reporting Task dialogs to include these details and prevent unauthorized selection.
    - Including the Restricted description in the generated component documentation.
    - Updating processor access control integration test to verify restricted component creation.
    - Updating the developer, user, and admin guide to include the restricted component policy.

----


> Restrict dangerous processors to special permission
> ---------------------------------------------------
>
>                 Key: NIFI-3050
>                 URL: https://issues.apache.org/jira/browse/NIFI-3050
>             Project: Apache NiFi
>          Issue Type: New Feature
>          Components: Core Framework
>    Affects Versions: 1.0.0
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>            Priority: Blocker
>              Labels: security
>             Fix For: 1.1.0
>
>
> As evidenced by [NIFI-3045] and other discoveries (e.g. using an 
> {{ExecuteScript}} processor to iterate over a {{NiFiProperties}} instance 
> after the application has already decrypted the sensitive properties from the 
> {{nifi.properties}} file on disk, using a {{GetFile}} processor to retrieve 
> {{/etc/passwd}}, etc.), NiFi is a powerful tool which can allow unauthorized 
> users to perform malicious actions. While no tool as versatile as NiFi will 
> ever be completely immune to insider threat, to further restrict the 
> potential for abuse, certain processors should be designated as 
> {{restricted}}, and these processors can only be added to the canvas or 
> modified by users who, along with the proper permission to modify the canvas, 
> have a special permission to interact with these "dangerous" processors. 
> From the [Security Feature 
> Roadmap|https://cwiki.apache.org/confluence/display/NIFI/Security+Feature+Roadmap]:
> {quote}
> Dangerous Processors
> * Processors which can directly affect behavior/configuration of NiFi/other 
> services
> - {{GetFile}}
> - {{PutFile}}
> - {{ListFile}}
> - {{FetchFile}}
> - {{ExecuteScript}}
> - {{InvokeScriptedProcessor}}
> - {{ExecuteProcess}}
> - {{ExecuteStreamCommand}}
> * These processors should only be creatable/editable by users with special 
> access control policy
> * Marked by {{@Restricted}} annotation on processor class
> * All flowfiles originating/passing through these processors have special 
> attribute/protection
> * Perhaps *File processors can access a certain location by default but 
> cannot access the root filesystem without special user permission?
> {quote}
> [~mcgilman] and I should have a PR for this tomorrow. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
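As an added illustration of the gate the issue describes (example code, not from the NiFi PR or the project itself): a stand-in @Restricted annotation that carries the text surfaced in the dialog and generated documentation, and a deny-by-default check that requires canvas write access for every component and an additional restricted-components policy only when the class carries the annotation. The annotation, component class names and policy strings are all hypothetical.

```java
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.util.Optional;
import java.util.Set;

public class RestrictedComponentGate {
    // Stand-in for NiFi's @Restricted marker (not the project's own class);
    // the value is the reason shown in the add-component dialog and generated docs.
    @Retention(RetentionPolicy.RUNTIME)
    public @interface Restricted {
        String value();
    }

    // Hypothetical component that can read any file the NiFi process can, so it is restricted.
    @Restricted("Provides operator the ability to read any file the NiFi process has access to")
    public static final class ReadLocalFile { }

    // Hypothetical component with no elevated capability; plain canvas access suffices.
    public static final class RenameAttribute { }

    // Policy names are constructed for this example, not NiFi's resource identifiers.
    public static final String MODIFY_FLOW = "/flow:write";
    public static final String RESTRICTED_COMPONENTS = "/restricted-components";

    // Description to surface in generated documentation, present only for restricted types.
    public static Optional<String> restrictionDescription(Class<?> componentType) {
        Restricted r = componentType.getAnnotation(Restricted.class);
        return r == null ? Optional.empty() : Optional.of(r.value());
    }

    // Deny-by-default check run before a component is added to the canvas or reconfigured:
    // canvas write access is always required; a restricted type also needs the extra policy.
    public static boolean mayCreateOrModify(Class<?> componentType, Set<String> grantedPolicies) {
        if (!grantedPolicies.contains(MODIFY_FLOW)) {
            return false;
        }
        return !restrictionDescription(componentType).isPresent()
                || grantedPolicies.contains(RESTRICTED_COMPONENTS);
    }

    public static void main(String[] args) {
        Set<String> flowEditor = Set.of(MODIFY_FLOW);
        Set<String> trustedOperator = Set.of(MODIFY_FLOW, RESTRICTED_COMPONENTS);
        System.out.println("editor, plain component:       " + mayCreateOrModify(RenameAttribute.class, flowEditor));
        System.out.println("editor, restricted component:  " + mayCreateOrModify(ReadLocalFile.class, flowEditor));
        System.out.println("trusted, restricted component: " + mayCreateOrModify(ReadLocalFile.class, trustedOperator));
        restrictionDescription(ReadLocalFile.class).ifPresent(d -> System.out.println("Docs note: " + d));
    }
}
```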
