[ 
https://issues.apache.org/jira/browse/FLINK-36162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Gyula Fora closed FLINK-36162.
------------------------------
    Fix Version/s: kubernetes-operator-1.10.0
       Resolution: Fixed

merged to main d9282263baad879a6a00f9614d985a0e1a47740c

> Remove flinkStateSnapshotReference and namespace from FlinkStateSnapshot 
> jobReference
> -------------------------------------------------------------------------------------
>
>                 Key: FLINK-36162
>                 URL: https://issues.apache.org/jira/browse/FLINK-36162
>             Project: Flink
>          Issue Type: Sub-task
>          Components: Kubernetes Operator
>            Reporter: Gyula Fora
>            Assignee: Gyula Fora
>            Priority: Blocker
>              Labels: pull-request-available
>             Fix For: kubernetes-operator-1.10.0
>
>
> I think in the initial version we should remove both the newly introduced 
> job.spec.flinkStateSnapshotReference and 
> FlinkStateSnapshot.jobReference.namespace fields as they generally allow users 
> to trigger and access savepoint paths from namespaces where the user may not 
> have permissions.
> Let me give you 2 examples:
> jobReference.namespace allows us to trigger a savepoint for a job in a 
> different namespace. This works as long as the operator has access to the 
> user and does not verify that the current user in fact does. This may 
> ultimately allow us to trigger a savepoint to a custom place and even steal 
> the state.
> In a similar way the initial flinkStateSnapshot reference would allow us to 
> steal a savepoint path that we normally don't know/have access to and store 
> it in our resource.
> I suggest simply removing these until we have a good way to solve these 
> issues. I think there is generally not much use for these fields overall.


