Hello, Thank you for your opinion. Almost all opinions show that we'd better keep Shell interpreter.
Following Apache rule, I'll make a vote in two days. Please leave your various opinions. Best regards, Jongyoul Lee 2024년 4월 15일 (월) 오후 6:59, Danny Cranmer <dannycran...@apache.org>님이 작성: > +1 for keeping the interpreter. It poses no additional security risk to any > interpreter that runs arbitrary code. For instance, it is equivalent to > running Python subprocess commands (unless I am missing something). > > Thanks, > Danny > > On Mon, Apr 15, 2024 at 9:57 AM Cheng Pan <pan3...@gmail.com> wrote: > > > I think the real issue here is that the user is logged in with a normal > > account, but runs a shell script using the system account, which is an > > escalation of privileges. > > > > Considering the feature has existed for a long period, and the user knows > > the behavior, it’s good to reserve it as long as there is a clear > > disclaimer in the docs. > > > > I’m +0.5 for keeping it. > > > > Thanks, > > Cheng Pan > > > > > > > On Apr 13, 2024, at 16:04, Manhua Jiang <man...@apache.org> wrote: > > > > > > Hi All, > > > > > > I would like to vote keeping it. > > > Zeppelin offers a way to run script without log in server, and > > interpreter's permission is controlled. > > > For the CVE, zeppelin should not make a lot effort to validate whether > > user's code is safety or not(not only shell, but also all coding > > interpreter like python,java,scala etc.), but try our best to keep it > safe, > > so offering a server configuration to switch on/off(default to off) > shell > > interpreter to end-user should enough for those care about this CVE. > > > > > > BTW, share 2 ideas to avoid secure problem: > > > 1. limited commands like HDFSFileInterpreter > > > 2. shell interpreter add options to runAs a lower privilege user on > > demand , and zeppelin needs to be launched by sudoer > > > > > > > > > On 2024/04/11 09:39:56 Jongyoul Lee wrote: > > >> Hello, > > >> > > >> I want to discuss Shell interpreter issue with you. > > >> > > >> For your information, we had a security report using Shell interpreter > > to > > >> execute malicious code with a system account. As you know, it's a kind > > of > > >> characteristic of Apache Zeppelin but some contributors including me > > >> thought it was too risky even if it's a feature. Moreover, I thought > > that > > >> we had some workarounds to do similar executions. > > >> > > >> However, after releasing it, there were many questions via several > > channels > > >> about the deprecation of Shell interpreter. > > >> > > >> I would like to follow the community's decision. For one more piece of > > >> information, we already have a security page to warn the code > execution > > >> feature so we can keep the Shell interpreter without any further > > treatment. > > >> > > >> Could you please give me your opinion on this? > > >> > > >> If we conclude keeping it, I'll release a new release of 0.11.2 > > including > > >> Shell interpreter again. > > >> > > >> Best regards, > > >> Jongyoul Lee > > >> > > > > > -- Best regards, Jongyoul Lee
