You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Mike R (Jira)" <ji...@apache.org> on 2022/04/19 19:25:00 UTC

[jira] [Comment Edited] (NIFI-9937) Prevent NiFi From Deleting Its Own Configuration Files

    [ https://issues.apache.org/jira/browse/NIFI-9937?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17524557#comment-17524557 ] 

Mike R edited comment on NIFI-9937 at 4/19/22 7:24 PM:
-------------------------------------------------------

[~exceptionfactory] Thanks for the explanation. I could see than an attacker or someone who is new to or learning NiFi accidentally deleting the NiFi configuration files and then not having a method or way to restore the NiFi instances. Even if there were a way to have a notification to be like, "User David is trying to run GetFile against the NiFi config, which will delete the files, are you sure of this?" and if they clicked yes, then have NiFi save a backup just in case the files are deleted.

I am not trying to say that users shouldnt be able to delete the config files, but I am saying that there should be a way to prevent mistakes from deleting the configs. 

I understand that there are legitimate use cases for not doing this as there are performance considerations, but the worst case scenario is that an attacker can get the NiFi config files, delete them, and then send the data to /dev/null, which would overwrite the NiFi config files for the organization If done, the org running NiFi would then have to completely rebuild their NiFi configs, which could take a few hours.


was (Author: JIRAUSER287407):
[~exceptionfactory] Thanks for the explanation. I could see than an attacker or someone who is new to or learning NiFi accidentally deleting the NiFi configuration files and then not having a method or way to restore the NiFi instances. Even if there were a way to have a notification to be like, "User David is trying to run GetFile against the NiFi config, which will delete the files, are you sure of this?" and if they clicked yes, then have NiFi save a backup.

I understand that there are legitimate use cases for not doing this as there are performance considerations, but the worst case scenario is that an attacker can get the NiFi config files, delete them, and then send the data to /dev/null, which would overwrite the NiFi config files for the organization If done, the org running NiFi would then have to completely rebuild their NiFi configs, which could take a few hours.

> Prevent NiFi From Deleting Its Own Configuration Files
> ------------------------------------------------------
>
>                 Key: NIFI-9937
>                 URL: https://issues.apache.org/jira/browse/NIFI-9937
>             Project: Apache NiFi
>          Issue Type: Improvement
>    Affects Versions: 1.16.0, 1.15.3, 1.16.1
>         Environment: Linux and Windows
>            Reporter: Mike R
>            Priority: Major
>
> There should be a way for NiFi to be unable to delete the files in the .conf directory using the GetFile Processor. 
> This is meant as a way to prevent unintended deletion of the files in the directory by administrators and prevent attackers from using the GetFile processor to delete files in the directory.
> One way to do this would be accomplished is by changing the GetFile Processor to not delete any file from the .conf directory, regardless of the user selection. Another way is to change the permissions of the directory. Any solutions are welcome, but this should be resolved.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)