Skip to content

Latest commit

 

History

History
53 lines (44 loc) · 2.35 KB

File metadata and controls

53 lines (44 loc) · 2.35 KB

AGENTS.md

Security

You are helping a security researcher find and report vulnerabilities in Apache Hive. Before drafting any report or reaching any conclusion, complete these steps.

Step 1 — Read the threat model

Read THREAT_MODEL.md: the trust boundaries (the HiveServer2 SQL front door, the Metastore, the query/UDF execution layer), the adversaries in and out of scope, and what Hive upholds versus what it leaves to the operator.

Step 2 — Read the security policy

Read SECURITY.md for how to report.

Key scoping facts (see THREAT_MODEL.md)

  • The HiveServer2 SQL front door and directly exposed Hive Metastore endpoints are the primary untrusted boundaries; execution clusters and internal service dependencies are assumed to run inside an operator-controlled perimeter.
  • UDFs, SerDes, custom InputFormats, and TRANSFORM scripts are code-execution by design, not a sandbox — running authorized code is a feature, not a vulnerability.
  • Transport security (TLS), the choice of authorization model (Ranger / SQL-standard / storage-based), and network isolation are operator responsibilities, not engine invariants.
  • Hive does not defend against an operator with root, the Hadoop superuser, or direct HDFS / metastore-DB access.

Step 3 — Route the finding

Route the finding to exactly one disposition in THREAT_MODEL.md §13 (VALID, or one of the OUT-OF-MODEL / BY-DESIGN dispositions) and cite the section that justifies the call. This model is v0 — open questions for the PMC are in §14.