[
https://issues.apache.org/jira/browse/SPARK-10004?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Reynold Xin updated SPARK-10004:
--------------------------------
Target Version/s: 1.6.0
> Shuffle service should make sure applications are allowed to read shuffle data
> ------------------------------------------------------------------------------
>
> Key: SPARK-10004
> URL: https://issues.apache.org/jira/browse/SPARK-10004
> Project: Spark
> Issue Type: Bug
> Components: Shuffle
> Affects Versions: 1.3.1, 1.4.1, 1.5.0
> Reporter: Marcelo Vanzin
> Priority: Critical
>
> The shuffle service currently performs authentication of clients; but once a
> client is authenticated, it blindly trusts the client to send proper requests.
> A malicious client could send a {{OpenBlocks}} message to open another
> application's shuffle data, and the shuffle service will just do it. This can
> be used to work around the fact that the app cannot go directly to the other
> app's files in the local filesystem (due to permissions), while the shuffle
> service can.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
