[ https://issues.apache.org/jira/browse/HIVE-4887?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13827890#comment-13827890 ]

Prasad Mujumdar commented on HIVE-4887:
---------------------------------------

hmm .. I don't think the HiveServer2 client can submit a shell command to the 
server directly. The IDL doesn't include any RPC call for that. You execute 
commands like 'dfs -rm /user/hive/warehouse/tab1' via the ExecuteStatement() 
interface. HiveServer2 (similar to CLI) supports non-SQL commands like DFS, 
SET, RESET, ADD, DELETE. Anything other than that will be directed to the compiler.

Beeline treats '!' as an escape sequence. Some of the commands are translated to 
JDBC metadata requests (e.g. !tables will make beeline call 
DatabaseMetaData.getTables()). However, beeline won't redirect a shell command 
to HS2. If you are on a cluster node with HDFS access, then you can execute 
shell operations. But those will be with your credentials and not as hive.

[~thejas] I apologize if I completely misunderstood your point and am rambling 
about something here ..

> hive should have an option to disable non sql commands that impose security 
> risk
> --------------------------------------------------------------------------------
>
>                 Key: HIVE-4887
>                 URL: https://issues.apache.org/jira/browse/HIVE-4887
>             Project: Hive
>          Issue Type: Task
>          Components: Authorization, Security
>            Reporter: Thejas M Nair
>
> Hive's RDBMS style of authorization (using grant/revoke), relies on all data 
> access being done through hive select queries. But hive also supports running 
> dfs commands, shell commands (eg "!cat file"), and shell commands through 
> hive streaming.
> This creates problems in securing a hive server using this authorization 
> model. UDF is another way to write custom code that can compromise security, 
> but you can control that by restricting access to users to be only through 
> jdbc connection to hive server (2).
> (note that there are other major problems such as this one - HIVE-3271)



--
This message was sent by Atlassian JIRA
(v6.1#6144)
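
The routing described in the comment, combined with the option the issue asks for, as an added sketch that is not Hive source code and not part of the original message. The function names, the `allowed_commands` parameter and the first-token matching rule are assumptions made for illustration; only the command list (DFS, SET, RESET, ADD, DELETE) comes from the comment.

```python
# Added illustration, not Hive code. Names and matching rule are hypothetical.

# Non-SQL commands named in the comment above.
NON_SQL_COMMANDS = frozenset({"dfs", "set", "reset", "add", "delete"})


def classify(statement):
    """Classify a statement by its first token (assumed matching rule).

    Returns ("command", name) for a non-SQL command, ("sql", None) for
    anything else, and ("empty", None) for blank input.
    """
    tokens = statement.strip().split(None, 1)
    if not tokens:
        return ("empty", None)
    first = tokens[0].lower()
    if first in NON_SQL_COMMANDS:
        return ("command", first)
    # Everything else, including a stray "!cat file", goes to the compiler;
    # per the comment, '!' escapes are handled by the Beeline client only.
    return ("sql", None)


def route(statement, allowed_commands):
    """Return the handler a statement would reach, enforcing an allowlist.

    allowed_commands is the hypothetical server-side option: the set of
    non-SQL commands the administrator permits. An empty set disables all
    of them, so every data access has to pass through the compiler, where
    grant/revoke authorization applies.
    """
    kind, name = classify(statement)
    if kind == "empty":
        raise ValueError("empty statement")
    if kind == "command":
        if name not in allowed_commands:
            raise PermissionError("non-SQL command %r is disabled" % name)
        return "processor:" + name
    return "compiler"


if __name__ == "__main__":
    # Constructed sample statements.
    for stmt in ["SELECT * FROM tab1", "  DFS -ls /", "set hive.x=1"]:
        print(stmt.strip(), "->", route(stmt, {"set", "dfs"}))
```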