[ 
https://issues.apache.org/jira/browse/SPARK-49923?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

sunjiangwen updated SPARK-49923:
--------------------------------
    Description: 
1. We use Spark to perform periodic calculations through Spark tasks preset in 
our system, and use the calculation results for reporting system display;

2. Due to different data traffic models in different cities, we provide a 
web portal maintenance page, so that the maintenance staff can dynamically 
adjust parameters according to the actual situation. The maintenance staff can 
only set parameters for preset tasks, and do not have the right to access the 
workstation or run commands on the workstation.

3. The security department of the company finds that there is a risk of 
command injection in the web portal, which may allow maintenance staff to obtain 
workstation permissions or run commands on the workstation, so the security 
department expects us to solve this problem.

For example, if someone inputs special injection characters (' touch$IFS+ 
command; $IFS is a Linux command, $IFS specifies a space by default), then the 
injection will happen on the workstation.

1. Enter special characters like touch$IFS+command and pass them to Spark.

2. The workstation was successfully injected and the /tmp/zz34 file was created: 

!inject.png!

3. The ExtraJavaOptions parameter was set by the SparkLauncher.setConf method to 
submit the Spark program. The YARN task submission page displays that the 
parameters were passed to Spark by the spark.driver.extra.javaOptions parameter: 

!yarn.PNG!

4. We read the Spark source code and found that Spark provides security 
protection for data such as memory parameters, but does not provide security 
protection for the extraJavaParam parameter. In view of the above situation, does 
Spark have security risks? What do you think of this scenario? Can Spark add 
keyword filtering (such as filtering the $IFS abnormal injection strings) for 
extraJavaParam parameters to improve the security of Spark? For example, filter 
exception characters before javaOpts is used: 

!src.PNG!


> Spark task execution with Java execution option has an injection problem
> ------------------------------------------------------------------------
>
>                 Key: SPARK-49923
>                 URL: https://issues.apache.org/jira/browse/SPARK-49923
>             Project: Spark
>          Issue Type: Bug
>          Components: YARN
>    Affects Versions: 3.5.3
>            Reporter: sunjiangwen
>            Priority: Major
>         Attachments: inject.png, yarn.PNG
>



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
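Added editor's example, not part of the issue or of Spark's own code: an allow-list validator the submitting portal can run on a maintenance-staff value before handing it to SparkLauncher.setConf, since Spark itself does not filter extraJavaOptions. The set of accepted JVM option shapes is an assumption for this scenario and should be adjusted to the options the preset tasks actually need.

```python
import re

# Allow-list of JVM option shapes the portal may forward (assumed for this
# example; extend it only with option forms the preset tasks really use).
_ALLOWED_OPTION = re.compile(
    r"""^(
        -Xm[sx]\d+[kKmMgG]?                      # heap size, e.g. -Xmx4g
        | -Xss\d+[kKmMgG]?                       # thread stack size
        | -XX:[+-][A-Za-z0-9]+                   # boolean flag, e.g. -XX:+UseG1GC
        | -XX:[A-Za-z0-9]+=[A-Za-z0-9._/-]+      # valued flag, e.g. -XX:MaxGCPauseMillis=200
        | -D[A-Za-z0-9._]+=[A-Za-z0-9._:/@,-]*   # system property
        | -verbose:gc
    )$""",
    re.VERBOSE,
)

# Characters a shell interprets. The option string ends up in a launcher
# script on the executing host, so none of these may pass through.
_SHELL_META = set("$`;|&<>(){}\n\r\t'\"\\*?[]!#~")


def validate_java_options(raw: str) -> list[str]:
    """Return the whitespace-separated options if every one is on the
    allow-list; raise ValueError naming the first offending character or token."""
    for ch in raw:
        if ch in _SHELL_META:
            raise ValueError(f"shell metacharacter {ch!r} not allowed in java options")
    tokens = raw.split()
    for tok in tokens:
        if not _ALLOWED_OPTION.match(tok):
            raise ValueError(f"option {tok!r} is not on the allow-list")
    return tokens


def is_safe(raw: str) -> bool:
    """Convenience wrapper: True only if validate_java_options accepts raw."""
    try:
        validate_java_options(raw)
        return True
    except ValueError:
        return False
```

Call validate_java_options on the portal input and only pass its return value, joined with single spaces, to setConf; reject the request otherwise.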
