MoritzMuehlenhoff added a comment. In https://phabricator.wikimedia.org/T90115#1512306, @csteipp wrote:
> @Joe / @MoritzMuehlenhoff, ping again on this-- are you guys comfortable that > we can detect/contain Blazegraph if it gets exploited? Various countermeasures are mentioned, have they been implemented for the planned test deployment? - Limit memory usage of queries - Limit maximum duration of queries - Parsing the AST of the query to filter malicious queries It also seems useful to limit the number of parallel queries per IP. We'll be able to detect attacks against availability by our usual monitoring (availability would be my biggest concern for this scenario, I doubt there are many/other installations with a setup like this) We can implement a number of countermeasures to contain an attacker leveraging code injection inside BlazeGraph or through the JVM with the privileges of the BlazeGraph process. We need to make sure that Linux kernel updates on the BlazeGraph servers are possible without major impact/downtime to be able to quickly deploy fixes for Linux vulnerabilitiies allowing privilege escalation. TASK DETAIL https://phabricator.wikimedia.org/T90115 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: csteipp, MoritzMuehlenhoff Cc: ksmith, JanZerebecki, Bene, MoritzMuehlenhoff, GWicke, Thompsonbry.systap, Smalyshev, Joe, Liuxinyu970226, csteipp, Beebs.systap, Haasepeter, Aklapper, Manybubbles, jkroll, Wikidata-bugs, Jdouglas, aude, Krenair, Malyacko, P.Copp _______________________________________________ Wikidata-bugs mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
