[
https://issues.apache.org/jira/browse/SPARK-26998?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16782330#comment-16782330
]
t oo commented on SPARK-26998:
------------------------------
[https://github.com/apache/spark/pull/23820] is only about hiding password from
log file, SPARK-26998 is about hiding passwords from showing in 'ps -ef'
process list
> spark.ssl.keyStorePassword in plaintext on 'ps -ef' output of executor
> processes in Standalone mode
> ---------------------------------------------------------------------------------------------------
>
> Key: SPARK-26998
> URL: https://issues.apache.org/jira/browse/SPARK-26998
> Project: Spark
> Issue Type: Bug
> Components: Scheduler, Security, Spark Core
> Affects Versions: 2.3.3, 2.4.0
> Reporter: t oo
> Priority: Major
> Labels: SECURITY, Security, secur, security, security-issue
>
> Run spark standalone mode, then start a spark-submit requiring at least 1
> executor. Do a 'ps -ef' on linux (ie putty terminal) and you will be able to
> see spark.ssl.keyStorePassword value in plaintext!
>
> spark.ssl.keyStorePassword and spark.ssl.keyPassword don't need to be passed
> to CoarseGrainedExecutorBackend. Only spark.ssl.trustStorePassword is used.
>
> Can be resolved if below PR is merged:
> [[Github] Pull Request #21514
> (tooptoop4)|https://github.com/apache/spark/pull/21514]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
