[ 
https://issues.apache.org/jira/browse/LIVY-266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16704312#comment-16704312
 ] 

shanyu zhao commented on LIVY-266:
----------------------------------

[~tc0312] Are you saying that all the requests are actually using SPNEGO with 
identity "prabhu", and therefore it all works fine? If a different user tries to 
post statements or kill sessions owned by user "prabhu", Livy will deny that 
request?

If Knox is used to access Livy in a kerberized cluster, and the Knox user is 
configured as "livy.superusers", then the proxyUser field is enforced for POST 
/sessions requests. However, a POST statements request to any session from the 
Knox server to the Livy server will always be successful because the caller 
identity is the Knox user, not the end user. How does Livy find out who is 
making the request to it?

> Livy sessions/batches are not secured. Any user can stop another user 
> session/batch
> -----------------------------------------------------------------------------------
>
>                 Key: LIVY-266
>                 URL: https://issues.apache.org/jira/browse/LIVY-266
>             Project: Livy
>          Issue Type: Task
>          Components: Core
>    Affects Versions: 0.3
>            Reporter: Prabhu Kasinathan
>            Priority: Major
>
> Dev,
> Livy sessions or batches are not currently secured, i.e. User A can start a 
> session or batch and User B can submit code to the session started by User A 
> or even stop that session. This is a critical issue on a secured cluster: when 
> User A has access to sensitive data, there may be a chance User B can access 
> those sensitive datasets through User A's session.
> Here is an example from our secured cluster.
> # Starting session from user "prabhu"
> curl --silent --negotiate -u:prabhu localhost:8998/sessions -X POST -H 'Content-Type: application/json' -d '{
>   "kind":"scala",
>   "proxyUser":"prabhu",
>   "name":"Testing"
> }' | python -m json.tool
> {
>     "id": 371,
>     "appId": null,
>     "owner": "prabhu",
>     "proxyUser": "prabhu",
>     "state": "starting",
>     "kind": "spark",
>     "appInfo": {
>         "driverLogUrl": null,
>         "sparkUiUrl": null
>     },
>     "log": []
> }
> # Executing code to above session by some other user "don"
> curl --silent --negotiate -u:don localhost:8998/sessions/371/statements -X POST -H 'Content-Type: application/json' -d '{
>   "code":"sc.applicationId"
> }' | python -m json.tool
> {
>     "id": 0,
>     "state": "available",
>     "output": {
>         "status": "ok",
>         "execution_count": 0,
>         "data": {
>             "text/plain": "res0: String = application_1476926173701_398436"
>         }
>     }
> }
> # Stopping above session by different user "john" this time
> curl --silent --negotiate -u:john localhost:8998/sessions/371 -X DELETE | python -m json.tool
> {
>     "msg": "deleted"
> }



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
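
Added example, not part of the JIRA thread and not Livy's code: a sketch of the per-session ownership check the issue reports as missing, extended to the gateway case raised in the comment. The `SUPERUSERS` set, the `on_behalf_of` field and all class and function names are hypothetical; the first three requests replayed are the ones from the issue, the Knox ones are constructed.

```python
from dataclasses import dataclass
from typing import Optional

SUPERUSERS = {"knox"}  # assumption: stands in for the livy.superusers setting

@dataclass
class Session:
    owner: str                  # identity that created the session
    proxy_user: Optional[str]   # user the session runs as

@dataclass
class Request:
    auth_user: str                      # identity proven by SPNEGO
    action: str                         # label only, e.g. "POST statements"
    session_id: int
    on_behalf_of: Optional[str] = None  # hypothetical end user named by a gateway

def effective_user(req: Request) -> Optional[str]:
    """Return the user the request acts for, or None if it cannot be established."""
    if req.auth_user in SUPERUSERS:
        # The gateway's own identity says nothing about the end user.
        return req.on_behalf_of
    if req.on_behalf_of not in (None, req.auth_user):
        return None  # ordinary callers may not name someone else
    return req.auth_user

def authorize(req: Request, sessions: dict) -> bool:
    """Allow the request only when the effective user owns the target session."""
    session = sessions.get(req.session_id)
    user = effective_user(req)
    if session is None or user is None:
        return False
    return user in (session.owner, session.proxy_user)

def replay() -> list:
    """Replay the issue's requests plus constructed gateway cases."""
    sessions = {371: Session(owner="prabhu", proxy_user="prabhu")}
    requests = [
        Request("prabhu", "POST statements", 371),
        Request("don", "POST statements", 371),
        Request("john", "DELETE session", 371),
        Request("knox", "POST statements", 371),            # constructed
        Request("knox", "POST statements", 371, "prabhu"),  # constructed
        Request("knox", "DELETE session", 371, "john"),     # constructed
    ]
    return [(r.auth_user, r.action, authorize(r, sessions)) for r in requests]

if __name__ == "__main__":
    print(*replay(), sep="\n")
```

In this sketch a superuser request that names no end user is denied rather than allowed, which is a design choice of the example, not behaviour stated in the thread.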