[ https://issues.apache.org/jira/browse/SPARK-43369?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17728207#comment-17728207 ]

Yikun Jiang commented on SPARK-43369:
-------------------------------------

This might not be an issue according to 
https://github.com/docker-library/official-images/pull/13089#issuecomment-1561793792

```
Yeah, it is extra, but harmless. A stronger guarantee to prevent privilege 
escalation would be in recommending that users set 
--security-opt=no-new-privileges (or allowPrivilegeEscalation: false in 
Kubernetes).
```

> Address comments about /etc/pam.d/su
> ------------------------------------
>
>                 Key: SPARK-43369
>                 URL: https://issues.apache.org/jira/browse/SPARK-43369
>             Project: Spark
>          Issue Type: Sub-task
>          Components: Spark Docker
>    Affects Versions: 3.5.0
>            Reporter: Yikun Jiang
>            Priority: Minor
>
> echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su &&
> I am unsure what this is for? 😕 As far as I can tell, this means that only 
> members of the administrative group wheel (or 0 if there is no wheel) can 
> switch to another user using the su command. That might make sense on a 
> regular multi-user system, but I am unsure why it would matter for a 
> container.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
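
An added example, not part of the Jira comment or the Spark Dockerfile: a shell check, meant to run inside a container, for the two controls this thread discusses, the `pam_wheel.so` line in `/etc/pam.d/su` and the `no_new_privs` bit that `--security-opt=no-new-privileges` sets. The function names and sample files are constructed for illustration; the script assumes the `NoNewPrivs:` field of `/proc/<pid>/status` (Linux 4.10 and later).

```shell
#!/bin/sh
# Added example: audit the two controls discussed in this thread.
# File paths are parameters so the checks can run against constructed samples.

# Print the NoNewPrivs value (0 or 1) from a /proc/<pid>/status-style file.
# Prints "unknown" when the field is absent (kernels older than 4.10).
nnp_value() {
    status_file="${1:-/proc/self/status}"
    val=$(awk '$1 == "NoNewPrivs:" { print $2; exit }' "$status_file" 2>/dev/null) || val=""
    echo "${val:-unknown}"
}

# Return 0 if an active (uncommented) "auth required pam_wheel.so" line exists.
su_wheel_restricted() {
    pam_file="${1:-/etc/pam.d/su}"
    [ -r "$pam_file" ] || return 1
    awk '
        /^[[:space:]]*#/ { next }
        $1 == "auth" && $2 == "required" && $3 ~ /pam_wheel\.so$/ { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$pam_file"
}

# Summarise both checks in one line.
audit() {
    nnp=$(nnp_value "$1")
    if su_wheel_restricted "$2"; then wheel=yes; else wheel=no; fi
    echo "no_new_privs=$nnp su_wheel_only=$wheel"
}

# Constructed sample inputs (not taken from a real container).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
printf 'Name:\tsh\nNoNewPrivs:\t1\nSeccomp:\t2\n' > "$sample_dir/status_hardened"
printf 'Name:\tsh\nNoNewPrivs:\t0\nSeccomp:\t0\n' > "$sample_dir/status_default"
printf 'Name:\tsh\nSeccomp:\t0\n' > "$sample_dir/status_old_kernel"
printf '# auth required pam_wheel.so\nauth sufficient pam_rootok.so\n' > "$sample_dir/su_default"
printf 'auth sufficient pam_rootok.so\nauth required pam_wheel.so use_uid\n' > "$sample_dir/su_wheel"

audit "$sample_dir/status_hardened" "$sample_dir/su_default"
audit "$sample_dir/status_default" "$sample_dir/su_wheel"
```

Calling `audit` with no arguments inspects the current process and the real `/etc/pam.d/su`.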
