On Mon, 4 Dec 2023 at 20:16, Andrey Anshin <andrey.ans...@taragol.is> wrote:

> > Pickle and the likes can execute arbitrary code that is inside the
> > serialized object.
>
> > Yep. This is super dangerous indeed.
>
> My fifty cents. This sounds scarier than it actually is; it is mostly covered
> by these simple things:
>

I think you underestimate what challenges malicious actors pose. Most
attacks come from the inside. For example, you do not want a DEVeloper of a
DAG to have access to OPS of the workers. If you can craft a pickle that
does something else in one location than somewhere else, that is a serious
issue.

Basically you can rely on pickle when you are sure you control both sides
and the user cannot interfere. This is what Spark does for example with
Spark Connect. We cannot rely on that because the user is in between.

Bolke

-- 
Bolke de Bruin
bdbr...@gmail.com
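The point above, that pickle is only acceptable when both ends are trusted, can be enforced in code: the receiving side verifies an HMAC over the payload so that only a holder of the shared key could have produced it, and then unpickles through an allow-list so that a payload referencing any global outside that list is refused before anything is constructed. This is an added Python illustration written for this thread, not code from Airflow or from the message author; the shared key, the allow-list contents and the sample payloads are constructed here.

```python
import hashlib
import hmac
import io
import os
import pickle

# Allow-list of (module, name) pairs the unpickler may resolve. Any other
# global (os.system, builtins.eval, ...) is refused in find_class, before
# the object graph is built. Constructed for this example.
SAFE_GLOBALS = {("builtins", "set"), ("collections", "OrderedDict"),
                ("datetime", "datetime"), ("datetime", "timedelta")}

class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused global {module}.{name}")

def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()

def sign(key: bytes, payload: bytes) -> bytes:
    # HMAC-SHA256 tag (32 bytes) prepended to the pickle bytes.
    return hmac.new(key, payload, hashlib.sha256).digest() + payload

def verify_and_load(key: bytes, blob: bytes):
    tag, payload = blob[:32], blob[32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad signature: payload not from a trusted side")
    return restricted_loads(payload)

KEY = b"constructed-demo-shared-key"  # assumption: known to both sides only

def demo() -> dict:
    """Three constructed cases; returns which were accepted or rejected."""
    results = {}
    benign = sign(KEY, pickle.dumps({"task_id": "extract", "retries": 3}))
    results["benign"] = verify_and_load(KEY, benign)
    tampered = benign[:-1] + bytes([benign[-1] ^ 0x01])  # flip last byte
    try:
        verify_and_load(KEY, tampered); results["tampered"] = "accepted"
    except ValueError:
        results["tampered"] = "rejected"
    # Correctly signed, but references a global outside the allow-list
    # (a harmless function; it is never called, the reference is refused).
    foreign = sign(KEY, pickle.dumps(os.getcwd))
    try:
        verify_and_load(KEY, foreign); results["foreign_global"] = "accepted"
    except pickle.UnpicklingError:
        results["foreign_global"] = "rejected"
    return results
```

Note that the signature alone is not enough in the scenario Bolke describes: a DAG developer who legitimately holds the key is still "inside", so the allow-list is what limits what a signed payload can do on the worker.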
