Posted to commits@cassandra.apache.org by jb...@apache.org on 2015/05/28 00:02:27 UTC

[1/3] cassandra git commit: Explain that UDF security manager will be coming in 3.0

Repository: cassandra
Updated Branches:
  refs/heads/cassandra-2.2 7aafe053e -> 61bea5a0d
  refs/heads/trunk d91eb0116 -> 03f556ffa


Explain that UDF security manager will be coming in 3.0


Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/61bea5a0
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/61bea5a0
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/61bea5a0

Branch: refs/heads/cassandra-2.2
Commit: 61bea5a0d944ef446c0187796db7b33f0d872da5
Parents: 7aafe05
Author: Jonathan Ellis <jb...@apache.org>
Authored: Wed May 27 17:02:01 2015 -0500
Committer: Jonathan Ellis <jb...@apache.org>
Committed: Wed May 27 17:02:06 2015 -0500

----------------------------------------------------------------------
 NEWS.txt            | 11 ++++++++---
 conf/cassandra.yaml |  6 ++++--
 2 files changed, 12 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cassandra/blob/61bea5a0/NEWS.txt
----------------------------------------------------------------------
diff --git a/NEWS.txt b/NEWS.txt
index 98f0499..cc80cc1 100644
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -53,9 +53,14 @@ New features
      been added to CQL.
      ************************************************************************
      IMPORTANT NOTE: user-defined functions can be used to execute
-     arbitrary and possibly evil code in Cassandra 2.2-beta1.
-     To enable UDFs edit cassandra.yaml and set enable_user_defined_functions
-     to true. CASSANDRA-9402 will add a security manager for UDFs.
+     arbitrary and possibly evil code in Cassandra 2.2, and are
+     therefore disabled by default.  To enable UDFs edit
+     cassandra.yaml and set enable_user_defined_functions to true.
+
+     CASSANDRA-9402 will add a security manager for UDFs in Cassandra
+     3.0.  This will inherently be backwards-incompatible with any 2.2
+     UDF that perform insecure operations such as opening a socket or
+     writing to the filesystem.
      ************************************************************************
    - Row-cache is now fully off-heap.
    - jemalloc is now automatically preloaded and used on Linux and OS-X if
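
Review bot: The added CASSANDRA-9402 paragraph warns that 2.2 UDFs performing insecure operations will break in 3.0 but gives operators nothing to act on. Suggest adding a sentence telling them to review any UDFs they create under 2.2 for socket and filesystem use before relying on them across the upgrade. In the same paragraph, "any 2.2 UDF that perform insecure operations" has a subject-verb mismatch; use "any 2.2 UDF that performs" or "any 2.2 UDFs that perform".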

http://git-wip-us.apache.org/repos/asf/cassandra/blob/61bea5a0/conf/cassandra.yaml
----------------------------------------------------------------------
diff --git a/conf/cassandra.yaml b/conf/cassandra.yaml
index fb103fa..04a78bd 100644
--- a/conf/cassandra.yaml
+++ b/conf/cassandra.yaml
@@ -845,6 +845,8 @@ tracetype_query_ttl: 86400
 tracetype_repair_ttl: 604800
 
 # UDFs (user defined functions) are disabled by default.
-# As of Cassandra 2.2-beta1, there is no security manager or anything else in place that
-# prevents execution of evil code. CASSANDRA-9402 will fix this issue for Cassandra 2.2-rc1.
+# As of Cassandra 2.2, there is no security manager or anything else in place that
+# prevents execution of evil code. CASSANDRA-9402 will fix this issue for Cassandra 3.0.
+# This will inherently be backwards-incompatible with any 2.2 UDF that perform insecure
+# operations such as opening a socket or writing to the filesystem.
 enable_user_defined_functions: false
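
Review bot: The comment above enable_user_defined_functions still describes the exposure only as "execution of evil code", and this is the text an operator reads at the moment of changing the flag to true. Suggest stating it concretely: with no security manager in place, a UDF can do things like open a socket or write to the filesystem (the examples the new lines already give), so the flag should stay false unless everyone able to create functions is trusted. The third added line also carries the agreement error "UDF that perform"; it should read "UDF that performs" or "UDFs that perform".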


[2/3] cassandra git commit: Explain that UDF security manager will be coming in 3.0

Posted by jb...@apache.org.
Explain that UDF security manager will be coming in 3.0


Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/61bea5a0
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/61bea5a0
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/61bea5a0

Branch: refs/heads/trunk
Commit: 61bea5a0d944ef446c0187796db7b33f0d872da5
Parents: 7aafe05
Author: Jonathan Ellis <jb...@apache.org>
Authored: Wed May 27 17:02:01 2015 -0500
Committer: Jonathan Ellis <jb...@apache.org>
Committed: Wed May 27 17:02:06 2015 -0500

----------------------------------------------------------------------
 NEWS.txt            | 11 ++++++++---
 conf/cassandra.yaml |  6 ++++--
 2 files changed, 12 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cassandra/blob/61bea5a0/NEWS.txt
----------------------------------------------------------------------
diff --git a/NEWS.txt b/NEWS.txt
index 98f0499..cc80cc1 100644
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -53,9 +53,14 @@ New features
      been added to CQL.
      ************************************************************************
      IMPORTANT NOTE: user-defined functions can be used to execute
-     arbitrary and possibly evil code in Cassandra 2.2-beta1.
-     To enable UDFs edit cassandra.yaml and set enable_user_defined_functions
-     to true. CASSANDRA-9402 will add a security manager for UDFs.
+     arbitrary and possibly evil code in Cassandra 2.2, and are
+     therefore disabled by default.  To enable UDFs edit
+     cassandra.yaml and set enable_user_defined_functions to true.
+
+     CASSANDRA-9402 will add a security manager for UDFs in Cassandra
+     3.0.  This will inherently be backwards-incompatible with any 2.2
+     UDF that perform insecure operations such as opening a socket or
+     writing to the filesystem.
      ************************************************************************
    - Row-cache is now fully off-heap.
    - jemalloc is now automatically preloaded and used on Linux and OS-X if

http://git-wip-us.apache.org/repos/asf/cassandra/blob/61bea5a0/conf/cassandra.yaml
----------------------------------------------------------------------
diff --git a/conf/cassandra.yaml b/conf/cassandra.yaml
index fb103fa..04a78bd 100644
--- a/conf/cassandra.yaml
+++ b/conf/cassandra.yaml
@@ -845,6 +845,8 @@ tracetype_query_ttl: 86400
 tracetype_repair_ttl: 604800
 
 # UDFs (user defined functions) are disabled by default.
-# As of Cassandra 2.2-beta1, there is no security manager or anything else in place that
-# prevents execution of evil code. CASSANDRA-9402 will fix this issue for Cassandra 2.2-rc1.
+# As of Cassandra 2.2, there is no security manager or anything else in place that
+# prevents execution of evil code. CASSANDRA-9402 will fix this issue for Cassandra 3.0.
+# This will inherently be backwards-incompatible with any 2.2 UDF that perform insecure
+# operations such as opening a socket or writing to the filesystem.
 enable_user_defined_functions: false
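
Review bot: On trunk, the two added lines "As of Cassandra 2.2, there is no security manager" and "CASSANDRA-9402 will fix this issue for Cassandra 3.0" become a forward-looking statement inside a default config file, which goes stale as soon as that ticket is resolved. Suggest either wording the trunk copy so it does not name a future release, or making sure the CASSANDRA-9402 change rewrites this comment block when it lands, so the shipped cassandra.yaml does not keep an outdated security caveat next to enable_user_defined_functions.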


[3/3] cassandra git commit: Merge branch 'cassandra-2.2' into trunk

Posted by jb...@apache.org.
Merge branch 'cassandra-2.2' into trunk


Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/03f556ff
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/03f556ff
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/03f556ff

Branch: refs/heads/trunk
Commit: 03f556ffa8718754fe4eb329af2002d83ffc7147
Parents: d91eb01 61bea5a
Author: Jonathan Ellis <jb...@apache.org>
Authored: Wed May 27 17:02:12 2015 -0500
Committer: Jonathan Ellis <jb...@apache.org>
Committed: Wed May 27 17:02:12 2015 -0500

----------------------------------------------------------------------
 NEWS.txt            | 11 ++++++++---
 conf/cassandra.yaml |  6 ++++--
 2 files changed, 12 insertions(+), 5 deletions(-)
----------------------------------------------------------------------