Aleksey Plekhanov created IGNITE-13300:
------------------------------------------
Summary: Ignite sandbox vulnerability allows to execute user code in privileged proxy
Key: IGNITE-13300
URL:
https://issues.apache.org/jira/browse/IGNITE-13300 Project: Ignite
Issue Type: Bug
Components: security
Affects Versions: 2.9
Reporter: Aleksey Plekhanov
Assignee: Aleksey Plekhanov
Ignite sandbox returns a privileged proxy for Ignite and some other system interfaces. If the user implements one of these interfaces and gets via privileged proxy an instance of implemented class, privileged proxy for user class will be returned.
Reproducer:
{code:java}
public void testPrivelegedUserObject() throws Exception {
grid(CLNT_FORBIDDEN_WRITE_PROP).getOrCreateCache(DEFAULT_CACHE_NAME).put(0, new TestIterator<>());
runForbiddenOperation(() -> grid(CLNT_FORBIDDEN_WRITE_PROP).compute().run(() -> {
GridIterator<?> it = (GridIterator<?>)Ignition.localIgnite().cache(DEFAULT_CACHE_NAME).get(0);
it.iterator();
}), AccessControlException.class);
}
public static class TestIterator<T> extends GridIterableAdapter<T> {
public TestIterator() {
super(Collections.emptyIterator());
}
@Override public GridIterator<T> iterator() {
controlAction();
return super.iterator();
}
}
{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
Locked
