bjornjorgensen commented on code in PR #602: URL: https://github.com/apache/spark-website/pull/602#discussion_r2031901105
########## security.md: ########## @@ -16,6 +16,24 @@ responded. To report a possible security vulnerability, please email `secur...@spark.apache.org`. This is a non-public list that will reach the Apache Security team, as well as the Spark PMC. +<h2>Frequently Asked Questions</h2> + +<h3>During a security analysis of Apache Spark, I noticed that Spark allows for remote code execution, is this an issue?</h3> + +No, this is not considered an issue or a vulnerability in itself, because remote code execution is fundamental +to Apache Spark's design and purpose. Users can submit code in Spark jobs, +which will be executed unconditionally, without any attempts to limit what code can run. Starting other processes, +establishing network connections or accessing and modifying local files are possible. Anyone able to use a Spark +cluster generally already has total control over the resources assigned to their Spark application by the resource +manager (YARN, Kubernetes, etc.). + +Historically, we’ve received numerous code execution vulnerability reports, which we have rejected, as this is by design. +Full access to the provisioned application resources is expected; it is _not_ expected that a user application can +affect resources outside of their provisioned resources from the resource manager, however. + +We strongly discourage users to expose Spark clusters to the public internet. Within company networks or Review Comment: "We strongly discourage users to expose Spark clusters to the public internet. Within company networks or “cloud” accounts, we recommend restricting access to a Spark cluster via appropriate means." Change to We strongly discourage exposing Spark clusters (including UIs and submission endpoints) directly to the public internet or untrusted networks. We recommend access within trusted networks (company intranets, private cloud environments), using restrict access to the Spark cluster with robust authentication, authorization, and network controls. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org For additional commands, e-mail: commits-h...@spark.apache.org
