Aleksey Plekhanov created IGNITE-13300:
------------------------------------------

             Summary: Ignite sandbox vulnerability allows to execute user code 
in privileged proxy
                 Key: IGNITE-13300
                 URL: https://issues.apache.org/jira/browse/IGNITE-13300
             Project: Ignite
          Issue Type: Bug
          Components: security
    Affects Versions: 2.9
            Reporter: Aleksey Plekhanov
            Assignee: Aleksey Plekhanov


Ignite sandbox returns a privileged proxy for Ignite and some other system 
interfaces. If the user implements one of these interfaces and gets via 
privileged proxy an instance of implemented class, privileged proxy for user 
class will be returned.
Reproducer:

{code:java}
    public void testPrivelegedUserObject() throws Exception {
        
grid(CLNT_FORBIDDEN_WRITE_PROP).getOrCreateCache(DEFAULT_CACHE_NAME).put(0, new 
TestIterator<>());

        runForbiddenOperation(() -> 
grid(CLNT_FORBIDDEN_WRITE_PROP).compute().run(() -> {
            GridIterator<?> it = 
(GridIterator<?>)Ignition.localIgnite().cache(DEFAULT_CACHE_NAME).get(0);

            it.iterator();
        }), AccessControlException.class);
    }

    public static class TestIterator<T> extends GridIterableAdapter<T> {
        public TestIterator() {
            super(Collections.emptyIterator());
        }

        @Override public GridIterator<T> iterator() {
            controlAction();

            return super.iterator();
        }
    }
{code}




--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to