[ 
https://issues.apache.org/jira/browse/FLINK-36162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17877194#comment-17877194
 ] 

Thomas Weise commented on FLINK-36162:
--------------------------------------

[~gyfora] I was surprised when you closed your PR but now it makes sense :) 
Agreed that it is better to remove these fields, they aren't solid enough and 
potentially hard to straighten out in the future. They also don't solve 
anything beyond what initialSavepointPath already covers.

> Remove flinkStateSnapshotReference and namespace from FlinkStateSnapshot 
> jobReference
> -------------------------------------------------------------------------------------
>
>                 Key: FLINK-36162
>                 URL: https://issues.apache.org/jira/browse/FLINK-36162
>             Project: Flink
>          Issue Type: Sub-task
>          Components: Kubernetes Operator
>            Reporter: Gyula Fora
>            Assignee: Gyula Fora
>            Priority: Blocker
>
> I think in the initial version we should remove both the newly introduced 
> job.spec.flinkStateSnapshotReference and 
> FlinkStateSnapshot.jobReference.namespace fields as they generally allow users 
> to trigger and access savepoint paths from namespaces where the user may not 
> have permissions.
> Let me give you 2 examples:
> jobReference.namespace allows us to trigger a savepoint for a job in a 
> different namespace. This works as long as the operator has access to the 
> user and does not verify that the current user in fact does. This may 
> ultimately allow us to trigger a savepoint to a custom place and even steal 
> the state.
> In a similar way the initial flinkStateSnapshot reference would allow us to 
> steal a savepoint path that we normally don't know/have access to and store 
> it in our resource.
> I suggest to simply remove these until we have a good way to solve these 
> issues, I think there is generally not much use for these fields overall.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
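
The issue above turns on a missing check: the operator follows a cross-namespace reference with its own permissions without verifying that the requesting user has access to the target namespace. The following Python model of that check at admission time is an added example, not part of the thread or of the Flink Kubernetes Operator code. The field paths are assumed from the names used in the issue, and the permission table is a constructed stand-in for a Kubernetes SubjectAccessReview.

```python
# Added example: models the missing authorization check; not Flink operator code.
# Field paths are assumed from the field names mentioned in the issue text.
CROSS_NS_REFS = {
    "FlinkStateSnapshot": ("spec", "jobReference", "namespace"),
    "FlinkDeployment": ("spec", "job", "flinkStateSnapshotReference", "namespace"),
}

# Constructed (user, namespace) grants standing in for a SubjectAccessReview.
ALLOWED = {("alice", "team-a"), ("bob", "team-b"),
           ("carol", "team-a"), ("carol", "team-b")}


def referenced_namespace(obj):
    """Return the namespace a resource points at, or None if it sets none."""
    node = obj
    for key in CROSS_NS_REFS.get(obj.get("kind"), ()):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node if isinstance(node, str) else None


def review(request, user_can_access=lambda u, ns: (u, ns) in ALLOWED):
    """Decide an admission-style request; returns (allowed, reason)."""
    user = request["userInfo"]["username"]
    own_ns = request["namespace"]
    target = referenced_namespace(request["object"])
    if target is None or target == own_ns:
        return True, "no cross-namespace reference"
    # The operator could reach `target`; the question is whether the user can.
    if user_can_access(user, target):
        return True, f"{user} is authorized in {target}"
    return False, f"{user} references {target} without access to it"


def sample(user, ns, kind, spec):
    """Build a constructed admission request with only the fields used here."""
    return {"userInfo": {"username": user}, "namespace": ns,
            "object": {"kind": kind, "spec": spec}}


CROSS_SNAPSHOT = {"jobReference": {"name": "job-9", "namespace": "team-b"}}
CROSS_RESTORE = {"job": {"flinkStateSnapshotReference":
                         {"name": "snap-3", "namespace": "team-b"}}}

if __name__ == "__main__":
    for user in ("alice", "carol"):
        print(review(sample(user, "team-a", "FlinkStateSnapshot", CROSS_SNAPSHOT)))
        print(review(sample(user, "team-a", "FlinkDeployment", CROSS_RESTORE)))
```
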
