hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brock Noland (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-5253) Create component to compile and jar dynamic code
Date Mon, 30 Sep 2013 20:48:26 GMT

    [ https://issues.apache.org/jira/browse/HIVE-5253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13782220#comment-13782220
] 

Brock Noland commented on HIVE-5253:
------------------------------------

Hey Ashutosh,

Upon first look I had the same concern. Then after thinking about it, I don't see how this
is different than the TRANSFORM() or normal UDF functionality. That is by default users can
execute arbitrary code and this work doesn't change that.  From a Sentry perspective, this
would have to be disabled due to it's execution model (i.e. executing as the hive user).

You did remind me that I forgot one comment I was thinking of. I think we should afford admins
who want to disable this functionality the ability to do so. Since such admins might want
to disable other commands such as add or dfs, it wouldn't be much trouble to allow them to
do this as well. For example we could have a configuration option "hive.available.commands"
(or similar) which specified add,set,delete,reset, etc by default. Then check this value in
CommandProcessorFactory. It would probably make sense to add this property to the restrict
list.

 Also regarding my comment above "It looks like something is wrong with TestCompileProcessor
in the patch? Look how the class appears to be concatenated to itself?" I see I was looking
at v9 not v10. That item should be ignored.

> Create component to compile and jar dynamic code
> ------------------------------------------------
>
>                 Key: HIVE-5253
>                 URL: https://issues.apache.org/jira/browse/HIVE-5253
>             Project: Hive
>          Issue Type: Sub-task
>            Reporter: Edward Capriolo
>            Assignee: Edward Capriolo
>         Attachments: HIVE-5253.10.patch.txt, HIVE-5253.1.patch.txt, HIVE-5253.3.patch.txt,
HIVE-5253.3.patch.txt, HIVE-5253.3.patch.txt, HIVE-5253.8.patch.txt, HIVE-5253.9.patch.txt,
HIVE-5253.patch.txt
>
>




--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message