[ 
https://issues.apache.org/jira/browse/SPARK-23782?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16412510#comment-16412510
 ] 

Marco Gaido commented on SPARK-23782:
-------------------------------------

[~vanzin] thanks for the link. I see that in the discussion there were doubts 
about this, so the PR removed this part from it to focus on the other aspects, 
but there was no strong opinion against this.

bq. What sensitive information is being exposed to users that should not see it?

The users can see which applications have been run by each user, when, how 
long they last, their names and which applications other users are running, if 
they are connected through a spark-shell for instance and so on. This is 
information which should not be shared with non-authorized people and if the 
names of the applications are meaningful a user can easily guess what the 
others are doing on the cluster.

If you compare how other systems work, moreover, of course they do not show to 
non-admin users what the others are doing. Our current situation is the same as 
if in Oracle or Postgres you were able to list the queries run by other users: 
of course each user can list only its queries.

bq. Won't you get that same info if you go to the resource manager's page and 
look at what applications have run?

I am not sure how the RM UI works. If it lists all the applications to all the 
users, even though they do not have the rights for it, it is a big security 
hole, since there you can also retrieve the logs. I hope the RM has better 
security than this but I am not an expert on it. And if it doesn't, I do 
believe it should be fixed. Moreover, I think we should not focus for Spark on 
a specific resource manager (YARN), since Spark can run in many modes other 
than it.

> SHS should not show applications to user without read permission
> ----------------------------------------------------------------
>
>                 Key: SPARK-23782
>                 URL: https://issues.apache.org/jira/browse/SPARK-23782
>             Project: Spark
>          Issue Type: Bug
>          Components: Web UI
>    Affects Versions: 2.4.0
>            Reporter: Marco Gaido
>            Priority: Major
>
> The History Server shows all the applications to all the users, even though 
> they have no permission to read them. They cannot read the details of the 
> applications they cannot access, but still anybody can list all the 
> applications submitted by all users.
> For instance, if we have an admin user {{admin}} and two normal users {{u1}} 
> and {{u2}}, and each of them submitted one application, all of them can see 
> in the main page of SHS:
> ||App ID||App Name|| ... ||Spark User|| ... ||
> |app-123456789|The Admin App| .. |admin| ... |
> |app-123456790|u1 secret app| .. |u1| ... |
> |app-123456791|u2 secret app| .. |u2| ... |
> Then clicking on each application, the proper permissions are applied and 
> each user can see only the applications he has the read permission for.
> Instead, each user should see only the applications he/she has the permission 
> to read and should not be able to see applications he/she does not have the 
> permissions for.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
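
The listing behaviour described in the issue, as an added example that is not part of the original message and is not Spark's code: a small Python model in which the list view and the detail view share one read check. All names (App, can_read, get_app, the list_apps_* functions) are hypothetical, and the fourth application and the view ACL on it are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class App:
    app_id: str
    name: str
    spark_user: str                     # submitting user (owner)
    view_acls: frozenset = frozenset()  # extra users granted read access

ADMINS = frozenset({"admin"})           # assumption: one admin, as in the report

# Constructed sample data: the three rows from the report plus one shared app.
APPS = [
    App("app-123456789", "The Admin App", "admin"),
    App("app-123456790", "u1 secret app", "u1"),
    App("app-123456791", "u2 secret app", "u2"),
    App("app-123456792", "u2 shared app", "u2", frozenset({"u1"})),
]

def can_read(user, app):
    """Single read-permission check used by both the listing and the detail view."""
    if user is None:                    # unauthenticated caller: deny
        return False
    return user in ADMINS or user == app.spark_user or user in app.view_acls

def get_app(user, app_id):
    """Detail view: permission-checked, as the report says it already is."""
    app = next((a for a in APPS if a.app_id == app_id), None)
    if app is None or not can_read(user, app):
        raise PermissionError(app_id)
    return app

def list_apps_unfiltered(user):
    """Reported behaviour: every user gets every row."""
    return list(APPS)

def list_apps_filtered(user):
    """Requested behaviour: only the rows the user may read."""
    return [a for a in APPS if can_read(user, a)]

def listing_matches_detail(user, listing):
    """True when the listing shows exactly the apps whose detail view opens."""
    listed = {a.app_id for a in listing(user)}
    for a in APPS:
        try:
            get_app(user, a.app_id)
            readable = True
        except PermissionError:
            readable = False
        if readable != (a.app_id in listed):
            return False
    return True
```

listing_matches_detail can serve as a regression check: it fails for any non-admin user while the listing is unfiltered and passes once the listing reuses the detail view's check.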
