cassandra-commits mailing list archives

From "Robert Stupp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-9402) Implement proper sandboxing for UDFs
Date Sun, 24 May 2015 09:39:18 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-9402?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14557692#comment-14557692 ]

Robert Stupp commented on CASSANDRA-9402:
-----------------------------------------

I ran a standard [perf test on cstar|http://cstar.datastax.com/graph?stats=18a419f0-019c-11e5-af5c-42010af0688f&metric=op_rate&operation=1_write&smoothing=1&show_aggregates=true&xmin=0&xmax=216.37&ymin=0&ymax=133049.4]
to compare "pure C*" against "C* with a security manager w/ just {{AllPermission}}".

Performance regression for writes is about 3% and for 1% for writes.

Background: unfortunately it's only possible to use one "monolithic" {{SecurityManager}} in
the whole VM. I found no way to use a security manager just during the execution of UDFs.
The additional "critical paths" traveled for checking permissions are {{java.security.AccessController#checkPermission}}
and {{java.security.AccessControlContext#checkPermission}}. (Permissions ({{ProtectionDomain}})
are "attached" to classes not to threads.)

> Implement proper sandboxing for UDFs
> ------------------------------------
>
>                 Key: CASSANDRA-9402
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9402
>             Project: Cassandra
>          Issue Type: Task
>            Reporter: T Jake Luciani
>            Assignee: Robert Stupp
>            Priority: Critical
>             Fix For: 2.2.0 rc1
>
>
> We want to avoid a security exploit for our users.  We need to make sure we ship 2.2
> UDFs with good defaults so someone exposing it to the internet accidentally doesn't open themselves
> up to having arbitrary code run.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
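
The permission check discussed in the comment above, as an added Java example (not code from the Cassandra patch or from the commenter): with one VM-wide SecurityManager and an AllPermission policy, the result of a check still depends on the ProtectionDomains in the access-control context, shown here by running a stand-in UDF body under a permission-less domain. The class and method names are hypothetical, and the example assumes JDK 8 to 17, where System.setSecurityManager is still permitted.

```java
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;

// Added illustration; class and method names are hypothetical.
// Assumes JDK 8-17, where System.setSecurityManager is still permitted.
public class UdfSandboxSketch {

    // A domain built with the two-argument constructor holds only its static
    // permissions (none here); the installed Policy is never consulted for it.
    static final AccessControlContext NO_PERMISSIONS = new AccessControlContext(
        new ProtectionDomain[] { new ProtectionDomain(null, new Permissions()) });

    // Stand-in for a UDF body that touches something permission-checked.
    static final PrivilegedAction<String> UDF_BODY = () -> System.getProperty("user.home");

    static String describe(String label, AccessControlContext ctx) {
        try {
            // ctx == null: only the domains of the calling code are checked.
            // ctx != null: the check is intersected with ctx's domains.
            String v = (ctx == null) ? UDF_BODY.run()
                                     : AccessController.doPrivileged(UDF_BODY, ctx);
            return label + ": allowed (" + v + ")";
        } catch (AccessControlException e) {
            return label + ": denied " + e.getPermission();
        }
    }

    public static void main(String[] args) {
        // The "security manager with just AllPermission" configuration:
        // every policy-backed domain is granted every permission.
        Policy.setPolicy(new Policy() {
            @Override
            public boolean implies(ProtectionDomain domain, Permission permission) {
                return true;
            }
        });
        System.setSecurityManager(new SecurityManager()); // one per VM

        System.out.println(describe("server code", null));
        System.out.println(describe("udf context", NO_PERMISSIONS));
    }
}
```

The first call is allowed and the second is denied with a `PropertyPermission` for `user.home`, although both run on the same thread under the same security manager.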
