[ https://issues.apache.org/jira/browse/SPARK-38992?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17568937#comment-17568937 ]
zhangdonglin edited comment on SPARK-38992 at 7/21/22 2:20 AM: --------------------------------------------------------------- [~wypoon] spark 2.4 also affected. but there are ways to avoid it, the config 'spark.acls.enable' is false by default, it you don't set 'spark.acls.enable=true' or 'spark.ui.acls.enable=true', it'll not trigger was (Author: JIRAUSER288711): [~wypoon] spark 2.4 also affected. but there are ways to avoid it, the config 'spark.acls.enable' if false by default, it you don't set 'spark.acls.enable=true' or 'spark.ui.acls.enable=true', it'll not trigger > Avoid using bash -c in ShellBasedGroupsMappingProvider > ------------------------------------------------------ > > Key: SPARK-38992 > URL: https://issues.apache.org/jira/browse/SPARK-38992 > Project: Spark > Issue Type: Bug > Components: Spark Core > Affects Versions: 3.0.3, 3.1.2, 3.2.1, 3.3.0 > Reporter: Hyukjin Kwon > Assignee: Hyukjin Kwon > Priority: Major > Fix For: 3.1.3, 3.0.4, 3.3.0, 3.2.2 > > > Using bash -c can allow arbitrary shall execution from the end user. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org