[ https://issues.apache.org/jira/browse/FLINK-21307?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17279900#comment-17279900 ]
Eron Wright edited comment on FLINK-21307 at 2/5/21, 6:54 PM:
--------------------------------------------------------------

Is it a reasonable expectation that enforcing a security manager for user code would significantly improve the protection afforded to job-level secrets? For example, imagine a connector has a configuration property containing a credential; in a session cluster, one job could theoretically access the configuration properties of another job. Imposing a security manager seems like a good step towards preventing that.

Also, any special considerations for plugins?

was (Author: eronwright):
Is it a reasonable expectation that enforcing a security manager for user code would significantly improve the protection afforded to job-level secrets? For example, imagine a connector has a configuration property containing a credential; in a session cluster, one job could theoretically access the configuration properties of another job. Imposing a security manager seems like a good step towards preventing that.

> Revisit activation model of FlinkSecurityManager
> ------------------------------------------------
>
> Key: FLINK-21307
> URL: https://issues.apache.org/jira/browse/FLINK-21307
> Project: Flink
> Issue Type: Bug
> Components: Runtime / Task
> Affects Versions: 1.13.0
> Reporter: Robert Metzger
> Priority: Critical
> Fix For: 1.13.0
>
>
> In FLINK-15156, we introduced a feature that allows users to log or
> completely disable calls to System.exit(). This feature is enabled for
> certain threads / code sections intended to execute user-code.
> The activation of the security manager (for monitoring user calls to
> System.exit()) is currently not well-defined, and only implemented on a
> best-effort basis.
> This ticket is to revisit the activation.
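
The issue description refers to intercepting System.exit() only on threads and code sections that run user code. The sketch below is an added example, not Flink's FlinkSecurityManager code: the names ExitGuard, UserExitException and runUserCode are hypothetical, and it assumes a JVM where System.setSecurityManager is still permitted (Java 8 to 17). It shows thread-scoped activation and one way such a scope can fail to cover code started from inside it.

```java
import java.security.Permission;

public class ExitGuardDemo {

    /** Thrown instead of letting guarded code terminate the JVM (hypothetical name). */
    static class UserExitException extends SecurityException {
        UserExitException(int status) {
            super("user code called System.exit(" + status + ")");
        }
    }

    /** Security manager whose exit check fires only on threads that opted in. */
    static class ExitGuard extends SecurityManager {
        private static final ThreadLocal<Boolean> ACTIVE = ThreadLocal.withInitial(() -> false);

        @Override public void checkExit(int status) {
            if (ACTIVE.get()) throw new UserExitException(status);
        }
        // Everything else is permitted: this guard watches System.exit() and nothing more.
        @Override public void checkPermission(Permission perm) { }
        @Override public void checkPermission(Permission perm, Object context) { }

        static boolean isActive() { return ACTIVE.get(); }

        /** Runs user code with the exit check switched on for the current thread only. */
        static void runUserCode(Runnable userCode) {
            boolean previous = ACTIVE.get();
            ACTIVE.set(true);
            try { userCode.run(); } finally { ACTIVE.set(previous); }
        }
    }

    public static void main(String[] args) {
        System.setSecurityManager(new ExitGuard());

        // Guarded section: the exit call is intercepted and surfaces as an exception.
        try {
            ExitGuard.runUserCode(() -> System.exit(1));
        } catch (UserExitException e) {
            System.out.println("blocked: " + e.getMessage());
        }

        // Scope gap in this sketch: a plain ThreadLocal is not inherited, so a thread
        // started by guarded code runs unguarded and System.exit() there would succeed.
        ExitGuard.runUserCode(() -> {
            Thread child = new Thread(() ->
                System.out.println("guard active in child thread: " + ExitGuard.isActive()));
            child.start();
            try { child.join(); } catch (InterruptedException e) { Thread.currentThread().interrupt(); }
        });
    }
}
```

Because checkPermission is a no-op here, this guard places no restriction on reflection, file access or property reads.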