[
https://issues.apache.org/jira/browse/CASSANDRA-9889?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14641466#comment-14641466
]
Robert Stupp commented on CASSANDRA-9889:
-----------------------------------------
But having CREATE UNTRUSTED/UNFENCED for Java-UDFs means to bypass the sandbox
(security-manager, class/package access control and async-execution (to detect
things like _while (true) {}_) - plus CASSANDRA-9890 for Java UDFs).
For script languages it is at least a basic level of protection against obvious
things. Requiring that permission for script-UDFs would effectively always
disable the sandbox for them.
What about another option - a CREATE SCRIPTED permission?
> Disable scripted UDFs by default
> --------------------------------
>
> Key: CASSANDRA-9889
> URL: https://issues.apache.org/jira/browse/CASSANDRA-9889
> Project: Cassandra
> Issue Type: Improvement
> Reporter: Robert Stupp
> Assignee: Robert Stupp
> Priority: Minor
> Fix For: 3.0.0 rc1
>
>
> (Follow-up to CASSANDRA-9402)
> TL;DR this ticket is about to add an other config option to enable scripted
> UDFs.
> Securing Java-UDFs is much easier than scripted UDFs.
> The secure execution of scripted UDFs heavily relies on "how secure" a
> particular script provider implementation is. Nashorn is probably pretty good
> at this - but (as discussed offline with [~iamaleksey]) we are not certain.
> This becomes worse with other JSR-223 providers (which need to be installed
> by the user anyway).
> E.g.:
> {noformat}
> # Enables use of scripted UDFs.
> # Java UDFs are always enabled, if enable_user_defined_functions is true.
> # Enable this option to be able to use UDFs with "language javascript" or any
> custom JSR-223 provider.
> enable_scripted_user_defined_functions: false
> {noformat}
> TBH: I would feel more comfortable to have this one. But we should review
> this along with enable_user_defined_functions for 4.0.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)