Posted to issues@hive.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2022/06/27 09:03:00 UTC

[jira] [Work logged] (HIVE-26259) Alter Function does not update resource uris

     [ https://issues.apache.org/jira/browse/HIVE-26259?focusedWorklogId=784995&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-784995 ]

ASF GitHub Bot logged work on HIVE-26259:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 27/Jun/22 09:02
            Start Date: 27/Jun/22 09:02
    Worklog Time Spent: 10m 
      Work Description: pvary commented on PR #3316:
URL: https://github.com/apache/hive/pull/3316#issuecomment-1167081867

   We should check around the security here.
   I just realized that changing the resource URIs could allow injecting malicious code under a function, so in most live clusters this should be rejected for regular users, and only admins should do this.




Issue Time Tracking
-------------------

    Worklog Id:     (was: 784995)
    Time Spent: 50m  (was: 40m)

> Alter Function does not update resource uris
> --------------------------------------------
>
>                 Key: HIVE-26259
>                 URL: https://issues.apache.org/jira/browse/HIVE-26259
>             Project: Hive
>          Issue Type: Bug
>          Components: Hive
>    Affects Versions: 3.1.2
>            Reporter: Wechar
>            Assignee: Wechar
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 4.0.0-alpha-2
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> *Bug Description:*
> The jar of Hive permanent UDF can be loaded based on the resource uris, but we encountered an issue after changing the resource uris through spark-sql:
> {code:sql}
> CREATE OR REPLACE FUNCTION test_db.test_udf AS 'com.xxx.xxx'
> USING JAR 'hdfs://path/to/jar';
> {code}
> Then when we use the UDF `test_db.test_udf`, an error occurred like this:
> {code:sh}
> Error in query: Can not load class 'com.xxx.xxx' when registering the function 'test_db.test_udf'...
> {code}
> *Root Cause:*
> Hive metastore does not update resource uris while executing `alter_function()`, which should be included and will not cause any side effects.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)