[
https://issues.apache.org/jira/browse/SPARK-26998?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16784434#comment-16784434
]
Jungtaek Lim commented on SPARK-26998:
--------------------------------------
If I understand correctly, the PR would mitigate the issue (remove some of
unnecessary password parameters being passed) but not completely solve the
issue, sine truststore password parameters will be still passed as it was.
To handle issue correctly we need to have secured storage to share the security
information.
> spark.ssl.keyStorePassword in plaintext on 'ps -ef' output of executor
> processes in Standalone mode
> ---------------------------------------------------------------------------------------------------
>
> Key: SPARK-26998
> URL: https://issues.apache.org/jira/browse/SPARK-26998
> Project: Spark
> Issue Type: Bug
> Components: Scheduler, Security, Spark Core
> Affects Versions: 2.3.3, 2.4.0
> Reporter: t oo
> Priority: Major
> Labels: SECURITY, Security, secur, security, security-issue
>
> Run spark standalone mode, then start a spark-submit requiring at least 1
> executor. Do a 'ps -ef' on linux (ie putty terminal) and you will be able to
> see spark.ssl.keyStorePassword value in plaintext!
>
> spark.ssl.keyStorePassword and spark.ssl.keyPassword don't need to be passed
> to CoarseGrainedExecutorBackend. Only spark.ssl.trustStorePassword is used.
>
> Can be resolved if below PR is merged:
> [[Github] Pull Request #21514
> (tooptoop4)|https://github.com/apache/spark/pull/21514]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
