Not that easy of a problem to solve… Can you impersonate the user who provided the code?
I mean if Joe provides the lambda function, then it runs as Joe so it has joe’s permissions. Steve is right, you’d have to get down to your cluster’s security and authenticate the user before accepting the lambda code. You may also want to run with a restricted subset of permissions. (e.g. Joe is an admin, but he wants it to run as if its an untrusted user… this gets a bit more interesting.) And this beg’s the question… How are you sharing your RDDs across multiple users? This too opens up a security question or two… > On Nov 4, 2016, at 6:13 PM, blazespinnaker <blazespinna...@gmail.com> wrote: > > In particular, we need to make sure the RDDs execute the lambda functions > securely as they are provided by user code. > > > > -- > View this message in context: > http://apache-spark-user-list.1001560.n3.nabble.com/sanboxing-spark-executors-tp28014p28024.html > Sent from the Apache Spark User List mailing list archive at Nabble.com. > > --------------------------------------------------------------------- > To unsubscribe e-mail: user-unsubscr...@spark.apache.org >
