Security risks of Hive user-defined functions

Learn about the potential security vulnerabilities associated with granting certain Hive privileges, such as TEMPUDFADMIN and SELECT, to avoid unauthorized code execution.

You can use Hive user-defined functions (UDFs) to perform custom data processing, but granting certain privileges might expose your Hive service to security vulnerabilities.

Risks of the TEMPUDFADMIN privilege

The TEMPUDFADMIN privilege allows you to create and invoke temporary functions without additional controls. The blacklist configured in hive.server2.builtin.udf.blacklist filters functions by name, but a temporary function can be registered under any name the user chooses, so it bypasses the blacklist even when it points at the same underlying class. A user with this privilege can therefore execute arbitrary code as the Hive service user. This access might lead to the exposure of sensitive HDFS data or the unauthorized use of the Hive Kerberos ticket.

Risks of the SELECT privilege

The SELECT privilege on a function acts as a safety gate. If you grant SELECT access to a function that points to malicious or risky code, you can inadvertently give a user access to sensitive data. Cloudera recommends that Ranger administrators review the function class and underlying code before granting this privilege.
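The two risks above share one root cause: hive.server2.builtin.udf.blacklist matches function names, while the code that actually runs is decided by the implementing class. The following review helper is an added example written for this page, not Cloudera's or Hive's own tooling. It flags temporary or persistent functions whose class is the class behind a blacklisted built-in, which is the case the name-based blacklist cannot catch and the one a Ranger administrator should look at before granting SELECT or TEMPUDFADMIN. Assumptions: the built-in-to-class mapping is a constructed sample (the reflect and java_method entries use the real Hive class GenericUDFReflect; verify every entry against your Hive version), and the DESCRIBE FUNCTION EXTENDED output lines are constructed to approximate what recent Hive versions print.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample mapping of built-in names to implementing classes.
# Verify against the Hive version you run; this is an assumption, not a
# dump from a real cluster.
BUILTIN_CLASSES = {
    "reflect": "org.apache.hadoop.hive.ql.udf.generic.GenericUDFReflect",
    "java_method": "org.apache.hadoop.hive.ql.udf.generic.GenericUDFReflect",
    "upper": "org.apache.hadoop.hive.ql.udf.generic.GenericUDFUpper",
}

# Constructed sample: the blacklist setting and DESCRIBE FUNCTION EXTENDED
# output for three functions. "my_helper" is a temporary function that was
# registered under a harmless name but points at the blacklisted class.
SAMPLE_BLACKLIST = "reflect,java_method"
SAMPLE_DESCRIBE = {
    "reflect": (
        "reflect(class,method[,arg1[,arg2..]]) calls method with reflection\n"
        "Function class:org.apache.hadoop.hive.ql.udf.generic.GenericUDFReflect\n"
        "Function type:BUILTIN\n"
    ),
    "safe_upper": (
        "safe_upper(str) - Returns str with all characters changed to uppercase\n"
        "Function class:org.apache.hadoop.hive.ql.udf.generic.GenericUDFUpper\n"
        "Function type:TEMPORARY\n"
    ),
    "my_helper": (
        "my_helper(...) - no description\n"
        "Function class:org.apache.hadoop.hive.ql.udf.generic.GenericUDFReflect\n"
        "Function type:TEMPORARY\n"
    ),
}


@dataclass
class FunctionInfo:
    name: str
    cls: str
    kind: str  # BUILTIN, TEMPORARY or PERSISTENT


def parse_blacklist(setting: str) -> set[str]:
    """Parse the comma-separated value of hive.server2.builtin.udf.blacklist."""
    return {name.strip().lower() for name in setting.split(",") if name.strip()}


def parse_describe_extended(name: str, output: str) -> FunctionInfo:
    """Pull the implementing class and function type out of DESCRIBE FUNCTION
    EXTENDED output. The 'Function class:' / 'Function type:' lines are an
    assumption about the output format; adjust the patterns if yours differ."""
    cls = re.search(r"Function class:\s*(\S+)", output)
    kind = re.search(r"Function type:\s*(\S+)", output)
    if not cls or not kind:
        raise ValueError(f"cannot parse function description for {name}")
    return FunctionInfo(name, cls.group(1), kind.group(1).upper())


def blacklisted_classes(blacklist: set[str], builtin_classes: dict[str, str]) -> set[str]:
    """Translate blacklisted built-in names into the classes they execute."""
    return {builtin_classes[n] for n in blacklist if n in builtin_classes}


def review(functions: list[FunctionInfo], blacklist: set[str],
           builtin_classes: dict[str, str]) -> list[tuple[str, str]]:
    """Return (name, class) for every non-built-in function that reaches a
    blacklisted class under a different name. Built-ins are skipped because
    the name-based blacklist already blocks them."""
    blocked = blacklisted_classes(blacklist, builtin_classes)
    return [(f.name, f.cls) for f in functions
            if f.kind != "BUILTIN" and f.cls in blocked]


def run_sample() -> list[tuple[str, str]]:
    """Run the review over the constructed sample data."""
    funcs = [parse_describe_extended(n, out) for n, out in SAMPLE_DESCRIBE.items()]
    return review(funcs, parse_blacklist(SAMPLE_BLACKLIST), BUILTIN_CLASSES)


if __name__ == "__main__":
    for fn_name, fn_cls in run_sample():
        print(f"REVIEW BEFORE GRANTING: {fn_name} -> {fn_cls}")
```

On a real cluster, feed the helper the output of SHOW FUNCTIONS plus DESCRIBE FUNCTION EXTENDED for each non-built-in name, and keep the built-in-to-class mapping current with your Hive version; the check is only as good as that mapping. It deliberately treats the class, not the name, as the unit of trust, which is the same review Cloudera asks Ranger administrators to do by hand.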