[
https://issues.apache.org/jira/browse/AIRFLOW-2283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16605538#comment-16605538
]
Ash Berlin-Taylor commented on AIRFLOW-2283:
--------------------------------------------
Agreed, this is fundamental to being able to define workflows in Python - you
have to execute the code somewhere. Right now the best we can do is document
this.
(With a lot of work it would theoretically be possible to make sure each DAG/or
each tenant's DAGs are parsed in their own container. But it is a *lot* of work
to get there.)
> Explain multi-Tenant security limitations
> -----------------------------------------
>
> Key: AIRFLOW-2283
> URL: https://issues.apache.org/jira/browse/AIRFLOW-2283
> Project: Apache Airflow
> Issue Type: Bug
> Affects Versions: 1.8.0
> Environment: Any/All
> Reporter: Garrett Summers
> Priority: Major
> Labels: security
>
> We noticed what we think to be a potential security vulnerability when
> importing dag files in the following line:
> {{m = imp.load_source(mod_name, filepath)}}
> This line in the DagBag.process_file code imports the dag files available,
> but this causes all of the code in the file to actually execute (which could
> be any arbitrary code). If the dags for different tenants are being stored in
> a common dag structure (even though the are filtered for the different
> tenants) then the arbitrary code execution would make it possible for one
> tenant to access/modify the dags of other tenants. This would be a major
> problem for users who utilize the multi-tenant functionality in Airflow.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
