soumasish commented on PR #48941: URL: https://github.com/apache/spark/pull/48941#issuecomment-2515363130
@HyukjinKwon @cryptoad I appreciate the feedback and agree that this topic extends beyond Spark to JVM's handling of command-line options in general. Here's how I view this:

1. This PR is aimed at addressing a specific scenario—mitigating risks from unintentional or malicious injection of shell metacharacters via `extraJavaOptions`. While this doesn't eliminate all risks of arbitrary code execution, it aligns with the principle of reducing the attack surface where possible.
2. Completely disallowing `extraJavaOptions` may not be feasible for many deployments. This parameter is frequently used for legitimate purposes such as performance tuning, debugging, and fine-tuning JVM behavior. Disabling it would limit the flexibility and capability of Spark for many users.
3. I agree that the underlying security implications of JVM options are not specific to Spark. If there's community consensus that this issue warrants broader attention, it may be worth collaborating with the JVM maintainers to propose enhancements or provide official guidance on secure handling of these options.

In conclusion, this PR doesn't claim to solve the broader issue but offers a tangible improvement in reducing the risk of straightforward command injection. I'm open to collaborating on further discussions or actions if needed.
