+1 for keeping the interpreter. It poses no additional security risk to any
interpreter that runs arbitrary code. For instance, it is equivalent to
running Python subprocess commands (unless I am missing something).

Thanks,
Danny

On Mon, Apr 15, 2024 at 9:57 AM Cheng Pan <pan3...@gmail.com> wrote:

> I think the real issue here is that the user is logged in with a normal
> account, but runs a shell script using the system account, which is an
> escalation of privileges.
>
> Considering the feature has existed for a long period, and the user knows
> the behavior, it’s good to reserve it as long as there is a clear
> disclaimer in the docs.
>
> I’m +0.5 for keeping it.
>
> Thanks,
> Cheng Pan
>
>
> > On Apr 13, 2024, at 16:04, Manhua Jiang <man...@apache.org> wrote:
> >
> > Hi All,
> >
> > I would like to vote for keeping it.
> > Zeppelin offers a way to run scripts without logging in to the server, and
> > the interpreter's permissions are controlled.
> > For the CVE, Zeppelin should not make a lot of effort to validate whether
> > the user's code is safe or not (not only shell, but also all coding
> > interpreters like python, java, scala etc.), but try our best to keep it
> > safe, so offering a server configuration to switch the shell interpreter
> > on/off (default to off) for end-users should be enough for those who care
> > about this CVE.
> >
> > BTW, sharing 2 ideas to avoid security problems:
> > 1. limited commands like HDFSFileInterpreter
> > 2. shell interpreter adds an option to runAs a lower-privilege user on
> > demand, and Zeppelin needs to be launched by a sudoer
> >
> >
> > On 2024/04/11 09:39:56 Jongyoul Lee wrote:
> >> Hello,
> >>
> >> I want to discuss the Shell interpreter issue with you.
> >>
> >> For your information, we had a security report using the Shell interpreter
> >> to execute malicious code with a system account. As you know, it's a kind
> >> of characteristic of Apache Zeppelin, but some contributors including me
> >> thought it was too risky even if it's a feature. Moreover, I thought that
> >> we had some workarounds to do similar executions.
> >>
> >> However, after releasing it, there were many questions via several
> >> channels about the deprecation of the Shell interpreter.
> >>
> >> I would like to follow the community's decision. For one more piece of
> >> information, we already have a security page to warn about the code
> >> execution feature, so we can keep the Shell interpreter without any further
> >> treatment.
> >>
> >> Could you please give me your opinion on this?
> >>
> >> If we conclude on keeping it, I'll release a new release of 0.11.2
> >> including the Shell interpreter again.
> >>
> >> Best regards,
> >> Jongyoul Lee
> >>
>
>