HIVE-22150

HS2 allows setting system properties

    Details

    • Type: Bug
    • Status: Patch Available
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 4.0.0, 3.1.1
    • Fix Version/s: None
    • Component/s: HiveServer2
    • Labels:
      None

      Description

      HiveServer2 currently allows setting system properties, which is a problem when used in a multi-user environment.

      Connecting via beeline and executing the following demonstrates the issue:

      0: jdbc:hive2://serv1000.example.com:2181,serv> SET system:java.io.tmpdir;
      +-----------------------------+
      |             set             |
      +-----------------------------+
      | system:java.io.tmpdir=/tmp  |
      +-----------------------------+
      1 row selected (0.018 seconds)
      0: jdbc:hive2://serv1000.example.com:2181,serv> SET system:java.io.tmpdir=/tmp/attacker-dir;
      No rows affected (0.013 seconds)
      0: jdbc:hive2://serv1000.example.com:2181,serv> SET system:java.io.tmpdir;
      +------------------------------------------+
      |                   set                    |
      +------------------------------------------+
      | system:java.io.tmpdir=/tmp/attacker-dir  |
      +------------------------------------------+
      1 row selected (0.019 seconds)
      

      Any changes persist until HS2 is restarted, and affect all connected users. At the very least, this is a denial-of-service vector (verified by setting line.separator to a random string).
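
An added example, not part of the original issue or of Hive's code: one way to audit HiveServer2 statement text for the behaviour described above, separating reads of `system:` properties from assignments. The `(user, statement)` record shape, the function names and the sample records are assumptions constructed for illustration; real HS2 query or audit logs need their own parsing first.

```python
import re

# HiveQL "SET system:<key>[=<value>]": the value group is present only
# when the statement assigns, which is the case the issue reports as
# affecting every connected user until HS2 restarts.
_SET_SYSTEM = re.compile(
    r"^\s*set\s+system:(?P<key>[^\s=;]+)\s*(?:=(?P<value>[^;]*))?;?\s*$",
    re.IGNORECASE,
)

def classify(statement):
    """Return ("write", key, value), ("read", key, None), or None."""
    m = _SET_SYSTEM.match(statement)
    if m is None:
        return None
    if m.group("value") is None:
        return ("read", m.group("key"), None)
    return ("write", m.group("key"), m.group("value").strip())

def system_property_writes(records):
    """Return [(user, key, value)] for statements that assign a system property."""
    hits = []
    for user, statement in records:
        result = classify(statement)
        if result and result[0] == "write":
            hits.append((user, result[1], result[2]))
    return hits

# Constructed sample records (user, statement); not real log data.
SAMPLE = [
    ("alice", "SET system:java.io.tmpdir;"),
    ("bob", "SET system:java.io.tmpdir=/tmp/attacker-dir;"),
    ("alice", "SET hive.exec.parallel=true;"),
    ("bob", "set  SYSTEM:line.separator = xyz"),
    ("alice", "SELECT 1"),
]

if __name__ == "__main__":
    for user, key, value in system_property_writes(SAMPLE):
        print(f"ALERT user={user} set JVM property {key}={value!r}")
```

Reads such as `SET system:java.io.tmpdir;` are deliberately not flagged, since only assignments change state shared across sessions.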

        Attachments

        1. HIVE-22150.patch.2
          6 kB
          Hui An
        2. HIVE-22150.patch.1
          4 kB
          Hui An

            People

            • Assignee:
              Bone An Hui An
              Reporter:
              ccondit Craig Condit