Re: [VOTE] Revert Shell Interpreter

2024-04-30 Thread Jongyoul Lee 
Hello Nathan,

Thank you for the reply. We already talked about what you mentioned in the
discussion thread I attached in the first email. Moreover, Zeppelin already
provides a way to disable the Shell interpreter so you can disable it even
though releases include the Shell interpreter.

Best regards,
Jongyoul Lee

2024년 4월 30일 (화) 오후 10:52, Rutland, Nathan (CTR) <
nathan.rutl...@mail.associates.cisa.dhs.gov>님이 작성:

> My reason for removing shell interpreter is that one can easily do:
>
>
>
> %sh
>
> cat /etc/zeppelin/conf/shiro.ini
>
>
>
> This would expose all the passwords in a normal system.  I have been
> trying to disable sh interpreter ahead of this feature without great
> success.
>
>
>
> *From:* Jongyoul Lee 
> *Sent:* Monday, April 29, 2024 7:30 PM
> *To:* Rutland, Nathan (CTR) 
> *Cc:* dev ; users 
> *Subject:* Re: [VOTE] Revert Shell Interpreter
>
>
>
> *CAUTION: *This email originated from outside of CISA/DHS. DO NOT click
> links or open attachments unless you recognize and/or trust the sender.
> Contact your component SOC with questions or concerns.
>
>
>
> Hello,
>
>
>
> I planed to complete this vote today following general rules for Apache
> Zeppelin community history but I prolong this vote to one day more as we
> have one veto so that we wait for the reason.
>
>
>
> Best regards,
>
> Jongyoul Lee
>
>
>
> 2024년 4월 30일 (화) 오전 9:24, Jongyoul Lee 님이 작성:
>
> Hello Nathan,
>
>
>
> Thank you for interests for this issue.
>
>
>
> By the way, I should have explained but all voter who gave -1 need to
> leave some comments about why they disagree this vote. It's the voting
> policy for all apache projects.[1]
>
>
>
> Best regards,
>
> Jongyoul Lee
>
>
>
> [1] https://www.apache.org/foundation/voting.html#Veto
> 
>
>
>
> 2024년 4월 30일 (화) 오전 2:36, Rutland, Nathan (CTR) <
> nathan.rutl...@mail.associates.cisa.dhs.gov>님이 작성:
>
> -1
>
>
>
> *From:* Jongyoul Lee 
> *Sent:* Saturday, April 27, 2024 7:21 AM
> *To:* users ; dev 
> *Subject:* [VOTE] Revert Shell Interpreter
>
>
>
> *CAUTION: *This email originated from outside of CISA/DHS. DO NOT click
> links or open attachments unless you recognize and/or trust the sender.
> Contact your component SOC with questions or concerns.
>
>
>
> Hello community,
>
>
>
> I propose the vote for reverting Shell interpreter.
>
>
>
> Please check the discussion thread[1] before you participate in this vote.
>
>
>
> [] +1 Including Shell interpreter again in the next Zeppelin release
>
> [] 0 no opinion
>
> [] -1 Removing Shell interpreter in the next Zeppelin release as it is
>
>
>
> Best regards,
>
> Jongyoul Lee
>
>
>
> [1] https://lists.apache.org/thread/opf3h6b0wc4pnsvqsy0b50vzmozd9qbn
> 
>
>

-- 
Best regards,
Jongyoul Lee

RE: [VOTE] Revert Shell Interpreter

2024-04-30 Thread Rutland, Nathan (CTR) 
My reason for removing shell interpreter is that one can easily do:

%sh
cat /etc/zeppelin/conf/shiro.ini

This would expose all the passwords in a normal system.  I have been trying to 
disable sh interpreter ahead of this feature without great success.

From: Jongyoul Lee 
Sent: Monday, April 29, 2024 7:30 PM
To: Rutland, Nathan (CTR) 
Cc: dev ; users 
Subject: Re: [VOTE] Revert Shell Interpreter

CAUTION: This email originated from outside of CISA/DHS. DO NOT click links or 
open attachments unless you recognize and/or trust the sender. Contact your 
component SOC with questions or concerns.

Hello,

I planed to complete this vote today following general rules for Apache 
Zeppelin community history but I prolong this vote to one day more as we have 
one veto so that we wait for the reason.

Best regards,
Jongyoul Lee

2024년 4월 30일 (화) 오전 9:24, Jongyoul Lee 
mailto:jongy...@gmail.com>>님이 작성:
Hello Nathan,

Thank you for interests for this issue.

By the way, I should have explained but all voter who gave -1 need to leave 
some comments about why they disagree this vote. It's the voting policy for all 
apache projects.[1]

Best regards,
Jongyoul Lee

[1] 
https://www.apache.org/foundation/voting.html#Veto

2024년 4월 30일 (화) 오전 2:36, Rutland, Nathan (CTR) 
mailto:nathan.rutl...@mail.associates.cisa.dhs.gov>>님이
 작성:
-1

From: Jongyoul Lee mailto:jongy...@gmail.com>>
Sent: Saturday, April 27, 2024 7:21 AM
To: users mailto:users@zeppelin.apache.org>>; dev 
mailto:d...@zeppelin.apache.org>>
Subject: [VOTE] Revert Shell Interpreter

CAUTION: This email originated from outside of CISA/DHS. DO NOT click links or 
open attachments unless you recognize and/or trust the sender. Contact your 
component SOC with questions or concerns.

Hello community,

I propose the vote for reverting Shell interpreter.

Please check the discussion thread[1] before you participate in this vote.

[] +1 Including Shell interpreter again in the next Zeppelin release
[] 0 no opinion
[] -1 Removing Shell interpreter in the next Zeppelin release as it is

Best regards,
Jongyoul Lee

[1] 
https://lists.apache.org/thread/opf3h6b0wc4pnsvqsy0b50vzmozd9qbn