feat: disable Parquet by default (breaking change) (#9920)

I have built a fuzz test and it crashes heavily in seconds and will OOM shortly after. It seems like supporting Parquet is basically a completely open way to crash the server if you can upload a file and run s3 select on it. Until Parquet is more hardened it is DISABLED by default since hostile crafted input can easily crash the server. If you are in a controlled environment where it is safe to assume no hostile content can be uploaded to your cluster you can safely enable Parquet. To enable Parquet set the environment variable `MINIO_API_SELECT_PARQUET=on` while starting the MinIO server. Furthermore, we guard parquet by recover functions.
2025-11-20 01:50:24 -05:00 · 2020-08-18 10:23:28 -07:00
parent d2a3f92452
commit adca28801d
4 changed files with 33 additions and 2 deletions
--- a/pkg/s3select/select.go
+++ b/pkg/s3select/select.go
@@ -26,6 +26,7 @@ import (
 	"io"
 	"io/ioutil"
 	"net/http"
+	"os"
 	"strings"
 	"sync"

@@ -334,6 +335,9 @@ func (s3Select *S3Select) Open(getReader func(offset, length int64) (io.ReadClos
 		}
 		return nil
 	case parquetFormat:
+		if !strings.EqualFold(os.Getenv("MINIO_API_SELECT_PARQUET"), "on") {
+			return errors.New("parquet format parsing not enabled on server")
+		}
 		var err error
 		s3Select.recordReader, err = parquet.NewReader(getReader, &s3Select.Input.ParquetArgs)
 		return err