Changing the H2 user in Apache Ignite

Question

I want to start by saying that I have never used Apache Ignite and only briefly played around with H2. I have a client who uses Ignite and in their own code they interact with the H2 database in Ignite. The code is very complex so it's hard for me to explain exactly what their code uses the H2 database for but I believe it to be irrelevant to the question.

Through an SQL injection it was possible to execute H2 functions such as "FILE_WRITE" and "FILE_READ". The H2 database appears to be running the SA account and is also running as root which made it possible to overwrite sensitive files on the system.

• If we ignore the fact that there is an SQL injection that obviously needs fixing, can the SA account for H2 in Ignite be changed to a low privileged user to stop the usage of the FILE_READ and FILE_WRITE functions?

• If Ignite is run as root, then I assume H2 is run as root as well in the system? Is it correct to assume that it is the Ignite process that needs to be downgraded to a low privileged account for H2 to not be run as root as well?

I currently do not have access to the system in question but it has been requested, but I know for a fact that FILE_WRITE could be used, and that a sensitive file could be overwritten (that was only writable by root).

Answer 1

Not a direct answer to your question, but this is fixed in Apache Ignite 2.8.1. See the announcement.

And yes, don't run Ignite as "root" for exactly the reason you suggest.