> However I still don't really understand the risk - if dag authors can write dags they can run a python operator to do whatever they like. How are plugins different?
>
> The main thing I can't wrap my head around is why suitably permissioned users can't have the ability to customise the webserver image/container.

I second Ash here, I'm still not sure if I understand what the risk is here. As was said, anyone who can submit a DAG can run arbitrary code or drop the Airflow database.

Tomek

On Sat, 19 Jun 2021 at 10:04, Ash Berlin-Taylor <[email protected]> wrote:
>
> Plugins, providers, and their associated Python libraries all need to execute code in order to be installed which is a vulnerability.
>
> Please rephrase this - I understand what you mean, but this is too broad a statement. It is at worst a _potential_ vulnerability.
>
> However I still don't really understand the risk - if dag authors can write dags they can run a python operator to do whatever they like. How are plugins different?
>
> The main thing I can't wrap my head around is why suitably permissioned users can't have the ability to customise the webserver image/container.
>
> -ash
>
> On 18 June 2021 22:58:29 BST, "Jackson, John" <[email protected]> wrote:
>>
>> Plugins, providers, and their associated Python libraries all need to execute code in order to be installed which is a vulnerability. Plugins in particular are often developed/installed by the data engineers and not by system administrators, leading us back to our original problem.
>>
>> I would turn your argument the other way around--if you're already in a no-install, serialized model for DAGs why not extend that to all aspects of the webserver such as connections and UI plugins? Seems that would be more consistent.
>>
>> On 2021-06-18, 1:36 PM, "Jarek Potiuk" <[email protected]> wrote:
>>
>> That would certainly help a bit, but unfortunately it's not just the packages. It's the fact that authentication is tied to Python code that can be patched by anyone with permission to execute code on the web server, which in turn would give them access to packages or anything else they'd like.
>>>
>>
>> But in Airflow 2.0 the code provided by "DAG writers" is not executed any more. This is entirely gone together with Airflow 1.10. This has been handled by DAG serialization, which is the only option available in 2.0. I do not see how the "Users" could add any code if "Admins" control the packages that are installed in the webserver. Now if Admin/User is the only problem then I think this is really a misunderstanding coming from the pre-DAG-serialization world of Apache Airflow.
>>
>> J.
