[jira] [Commented] (SPARK-50191) Flexible configuration of javaoptions.

Mon, 25 Nov 2024 19:10:25 -0800 


    [ 
https://issues.apache.org/jira/browse/SPARK-50191?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17901065#comment-17901065
 ] 

bingzuochen commented on SPARK-50191:
-------------------------------------

Can risk be guarded at Spark? If Spark does the protection, this can completely 
eliminate this situation, on the client side it needs to be solved by each 
user, the user needs to think too much.

> Flexible configuration of javaoptions.
> --------------------------------------
>
>                 Key: SPARK-50191
>                 URL: https://issues.apache.org/jira/browse/SPARK-50191
>             Project: Spark
>          Issue Type: Improvement
>          Components: YARN
>    Affects Versions: 3.5.3
>            Reporter: bingzuochen
>            Priority: Major
>
> In Yarn mode, the javaOptions configuration item is executed as the bash -c 
> command, such as *spark.executor.extraJavaOptions,* 
> *spark.executor.defaultJavaOptions,*  *spark.executor.extraJavaOptions,*  
> {*}spark.driver.defaultJavaOptions{*}, which may cause arbitrary command 
> execution risks. Can we add a configuration item to eliminate risks when the 
> javaOptions configuration is not required?
>  
> resource-managers/yarn/src/main/scala/org/apache/spark/deploy/yarn/YarnSparkHadoopUtil.scala
>  
> {code:java}
> /**
>  * Escapes a string for inclusion in a command line executed by Yarn. Yarn 
> executes commands
>  * using either
>  *
>  * (Unix-based) `bash -c "command arg1 arg2"` and that means plain quoting 
> doesn't really work.
>  * The argument is enclosed in single quotes and some key characters are 
> escaped.
>  *
>  * (Windows-based) part of a .cmd file in which case windows escaping for 
> each argument must be
>  * applied. Windows is quite lenient, however it is usually Java that causes 
> trouble, needing to
>  * distinguish between arguments starting with '-' and class names. If 
> arguments are surrounded
>  * by ' java takes the following string as is, hence an argument is 
> mistakenly taken as a class
>  * name which happens to start with a '-'. The way to avoid this, is to 
> surround nothing with
>  * a ', but instead with a ".
>  *
>  * @param arg A single argument.
>  * @return Argument quoted for execution via Yarn's generated shell script.
>  */ {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org

Reply via email to