Github user kanzhang commented on the pull request:
https://github.com/apache/spark/pull/6676#issuecomment-110543399
> Apps can read all the data other apps generate (in HDFS or other storage)
As long as you give each app a different HDFS delegation token (and as long
as we can find a secure way to pass tokens to apps - the current effort is a
try in that direction), they won't be able to access each other's HDFS files.
Local file system is not secure - that's why we can't use it to pass per-app
secrets.
> apps can kill other app processes
That's true. I'm aware of it and consider it a kind of denial of service
attack, which is beyond my current goal to defend against.
> apps have access to anything other apps running as the same user have
> access to.
Yes. But I still wish someone could show me a simple example that defeats
my purpose of having a per-app secret for securing per-app communication
traffic.
> Ignoring that if you really want you can find the secret by looking at
> the memory of another process, all that the secret prevents is someone
> connecting back to the driver and pretending to be an executor. Given all of
> the above, is that really giving any extra security to the app?
As long as we can find a secure way to distribute a per-app secret, my
follow-on patch will fix this by turning on authentication between driver and
executor using this per-app key.