accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Stoneham (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-1188) Sandbox iterators
Date Fri, 06 Sep 2013 18:03:51 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-1188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13760440#comment-13760440
] 

John Stoneham commented on ACCUMULO-1188:
-----------------------------------------

It would be helpful to have iterators running in a Java security sandbox as well. That way,
we could write iterators that could receive custom scripts (Groovy, Clojure, JSR223, whatever)
as parameters, without having to be vulnerable to some user passing System.exec("rm -rf /").
(Say, a user that's trusted to call into Accumulo but not to have access to the tserver directly.)
                
> Sandbox iterators
> -----------------
>
>                 Key: ACCUMULO-1188
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1188
>             Project: Accumulo
>          Issue Type: Bug
>            Reporter: Keith Turner
>             Fix For: 1.6.0
>
>         Attachments: ACCUMULO-1188_fig1.png
>
>
> It's possible that a user iterator can bring down a tablet server.  For example if it
has an OOM or creates too many threads.  It would be nice if iterators could be sandboxed
in some way.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message