Hello,
Thank you for your opinion. Almost all opinions show that we'd better keep
the Shell interpreter.
Following the Apache rule, I'll hold a vote in two days. Please leave your
various opinions.
Best regards,
Jongyoul Lee
On Mon, Apr 15, 2024 at 6:59 PM, Danny Cranmer wrote:
+1 for keeping the interpreter. It poses no additional security risk to any
interpreter that runs arbitrary code. For instance, it is equivalent to
running Python subprocess commands (unless I am missing something).
Thanks,
Danny
On Mon, Apr 15, 2024 at 9:57 AM Cheng Pan wrote:
I think the real issue here is that the user is logged in with a normal
account, but runs a shell script using the system account, which is an
escalation of privileges.
Considering the feature has existed for a long period, and the user knows the
behavior, it’s good to reserve it as long as the
Hi All,
I would like to vote for keeping it.
Zeppelin offers a way to run scripts without logging in to the server, and the
interpreter's permissions are controlled.
For the CVE, Zeppelin should not make a lot of effort to validate whether the user's
code is safe or not (not only shell, but also all coding interpreters like
Hello,
I went back and re-read the mailing list summary of CVE-2024-31861 before
composing this message, and I still don't quite grasp what the
reporter/finder of the alleged vulnerability thinks they found. I followed
the links to the NVD at NIST, and didn't find any more substantive
information