Aleksey Plekhanov created IGNITE-13300: ------------------------------------------
Summary: Ignite sandbox vulnerability allows to execute user code in privileged proxy Key: IGNITE-13300 URL: https://issues.apache.org/jira/browse/IGNITE-13300 Project: Ignite Issue Type: Bug Components: security Affects Versions: 2.9 Reporter: Aleksey Plekhanov Assignee: Aleksey Plekhanov Ignite sandbox returns a privileged proxy for Ignite and some other system interfaces. If the user implements one of these interfaces and gets via privileged proxy an instance of implemented class, privileged proxy for user class will be returned. Reproducer: {code:java} public void testPrivelegedUserObject() throws Exception { grid(CLNT_FORBIDDEN_WRITE_PROP).getOrCreateCache(DEFAULT_CACHE_NAME).put(0, new TestIterator<>()); runForbiddenOperation(() -> grid(CLNT_FORBIDDEN_WRITE_PROP).compute().run(() -> { GridIterator<?> it = (GridIterator<?>)Ignition.localIgnite().cache(DEFAULT_CACHE_NAME).get(0); it.iterator(); }), AccessControlException.class); } public static class TestIterator<T> extends GridIterableAdapter<T> { public TestIterator() { super(Collections.emptyIterator()); } @Override public GridIterator<T> iterator() { controlAction(); return super.iterator(); } } {code} -- This message was sent by Atlassian Jira (v8.3.4#803005)