Hi All, I would like to vote for keeping it. Zeppelin offers a way to run scripts without logging in to the server, and interpreter permissions are controlled. For the CVE, Zeppelin should not make a lot of effort to validate whether a user's code is safe or not (not only shell, but also all coding interpreters like Python, Java, Scala, etc.), but try our best to keep it safe, so offering a server configuration to switch the shell interpreter on/off (default to off) for end-users should be enough for those who care about this CVE.
BTW, here are 2 ideas to avoid security problems:

1. Limited commands, like HDFSFileInterpreter.
2. The shell interpreter adds an option to runAs a lower-privilege user on demand, and Zeppelin needs to be launched by a sudoer.

On 2024/04/11 09:39:56 Jongyoul Lee wrote:
> Hello,
>
> I want to discuss the Shell interpreter issue with you.
>
> For your information, we had a security report using the Shell interpreter to
> execute malicious code with a system account. As you know, it's a kind of
> characteristic of Apache Zeppelin, but some contributors including me
> thought it was too risky even if it's a feature. Moreover, I thought that
> we had some workarounds to do similar executions.
>
> However, after releasing it, there were many questions via several channels
> about the deprecation of the Shell interpreter.
>
> I would like to follow the community's decision. For one more piece of
> information, we already have a security page to warn about the code execution
> feature, so we can keep the Shell interpreter without any further treatment.
>
> Could you please give me your opinion on this?
>
> If we conclude keeping it, I'll release a new release of 0.11.2 including
> the Shell interpreter again.
>
> Best regards,
> Jongyoul Lee