[SPARK-38992][CORE] Avoid using bash -c in ShellBasedGroupsMappingProvider #36315
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
cc @JoshRosen @gengliangwang mind taking a look please? |
HyukjinKwon
changed the title
core/src/main/scala/org/apache/spark/security/ShellBasedGroupsMappingProvider.scala
Show resolved
Hide resolved
gengliangwang
approved these changes
Apr 22, 2022
JoshRosen
reviewed
Apr 22, 2022
There was a problem hiding this comment.
It looks likehadoop-common's Shell.getGroupsForUserCommand() implements similar functionality, except it invokes both id -Gn and id -gn so that the primary group can be returned first (see HADOOP-10401):
They use bash -c because they have to issue two id calls and want to avoid the added overhead of two separate fork() calls. They use a helper function to escape the username and thereby avoid command injection.
They were using bash -c even prior to that change, though. I'm not sure why, since I think the id command should be a built in on any POSIX system: https://pubs.opengroup.org/onlinepubs/009604499/utilities/id.html
Given this, maybe it's safe for us to drop the bash -c and just invoke id directly?
JoshRosen
reviewed
Apr 22, 2022
core/src/main/scala/org/apache/spark/security/ShellBasedGroupsMappingProvider.scala
Outdated
Show resolved
Hide resolved
HyukjinKwon
force-pushed
the
SPARK-38992
branch
from
58e84ab
to
e13a070
Compare
JoshRosen
approved these changes
Apr 22, 2022
HyukjinKwon
added a commit
that referenced
this pull request
Apr 22, 2022
…vider ### What changes were proposed in this pull request? This PR proposes to avoid using `bash -c` in `ShellBasedGroupsMappingProvider`. This could allow users a command injection. ### Why are the changes needed? For a security purpose. ### Does this PR introduce _any_ user-facing change? Virtually no. ### How was this patch tested? Manually tested. Closes #36315 from HyukjinKwon/SPARK-38992. Authored-by: Hyukjin Kwon <gurwls223@apache.org> Signed-off-by: Hyukjin Kwon <gurwls223@apache.org> (cherry picked from commit c83618e) Signed-off-by: Hyukjin Kwon <gurwls223@apache.org>
HyukjinKwon
added a commit
that referenced
this pull request
Apr 22, 2022
…vider ### What changes were proposed in this pull request? This PR proposes to avoid using `bash -c` in `ShellBasedGroupsMappingProvider`. This could allow users a command injection. ### Why are the changes needed? For a security purpose. ### Does this PR introduce _any_ user-facing change? Virtually no. ### How was this patch tested? Manually tested. Closes #36315 from HyukjinKwon/SPARK-38992. Authored-by: Hyukjin Kwon <gurwls223@apache.org> Signed-off-by: Hyukjin Kwon <gurwls223@apache.org> (cherry picked from commit c83618e) Signed-off-by: Hyukjin Kwon <gurwls223@apache.org>
|
Merged to master, branch-3.3, branch-3.2, branch-3.1, and branch-3.0. |
HyukjinKwon
added a commit
that referenced
this pull request
Apr 22, 2022
…vider ### What changes were proposed in this pull request? This PR proposes to avoid using `bash -c` in `ShellBasedGroupsMappingProvider`. This could allow users a command injection. ### Why are the changes needed? For a security purpose. ### Does this PR introduce _any_ user-facing change? Virtually no. ### How was this patch tested? Manually tested. Closes #36315 from HyukjinKwon/SPARK-38992. Authored-by: Hyukjin Kwon <gurwls223@apache.org> Signed-off-by: Hyukjin Kwon <gurwls223@apache.org> (cherry picked from commit c83618e) Signed-off-by: Hyukjin Kwon <gurwls223@apache.org>
HyukjinKwon
added a commit
that referenced
this pull request
Apr 22, 2022
…vider ### What changes were proposed in this pull request? This PR proposes to avoid using `bash -c` in `ShellBasedGroupsMappingProvider`. This could allow users a command injection. ### Why are the changes needed? For a security purpose. ### Does this PR introduce _any_ user-facing change? Virtually no. ### How was this patch tested? Manually tested. Closes #36315 from HyukjinKwon/SPARK-38992. Authored-by: Hyukjin Kwon <gurwls223@apache.org> Signed-off-by: Hyukjin Kwon <gurwls223@apache.org> (cherry picked from commit c83618e) Signed-off-by: Hyukjin Kwon <gurwls223@apache.org>
zheniantoushipashi
pushed a commit
to zheniantoushipashi/spark
that referenced
this pull request
Jul 18, 2022
…vider ### What changes were proposed in this pull request? This PR proposes to avoid using `bash -c` in `ShellBasedGroupsMappingProvider`. This could allow users a command injection. ### Why are the changes needed? For a security purpose. ### Does this PR introduce _any_ user-facing change? Virtually no. ### How was this patch tested? Manually tested. Closes apache#36315 from HyukjinKwon/SPARK-38992. Authored-by: Hyukjin Kwon <gurwls223@apache.org> Signed-off-by: Hyukjin Kwon <gurwls223@apache.org>
Mrhs121
pushed a commit
to Mrhs121/spark
that referenced
this pull request
Jul 22, 2022
…vider ### What changes were proposed in this pull request? This PR proposes to avoid using `bash -c` in `ShellBasedGroupsMappingProvider`. This could allow users a command injection. ### Why are the changes needed? For a security purpose. ### Does this PR introduce _any_ user-facing change? Virtually no. ### How was this patch tested? Manually tested. Closes apache#36315 from HyukjinKwon/SPARK-38992. Authored-by: Hyukjin Kwon <gurwls223@apache.org> Signed-off-by: Hyukjin Kwon <gurwls223@apache.org>
Mrhs121
pushed a commit
to Mrhs121/spark
that referenced
this pull request
Jul 27, 2022
…vider ### What changes were proposed in this pull request? This PR proposes to avoid using `bash -c` in `ShellBasedGroupsMappingProvider`. This could allow users a command injection. ### Why are the changes needed? For a security purpose. ### Does this PR introduce _any_ user-facing change? Virtually no. ### How was this patch tested? Manually tested. Closes apache#36315 from HyukjinKwon/SPARK-38992. Authored-by: Hyukjin Kwon <gurwls223@apache.org> Signed-off-by: Hyukjin Kwon <gurwls223@apache.org>
kazuyukitanimura
pushed a commit
to kazuyukitanimura/spark
that referenced
this pull request
Aug 10, 2022
…vider ### What changes were proposed in this pull request? This PR proposes to avoid using `bash -c` in `ShellBasedGroupsMappingProvider`. This could allow users a command injection. ### Why are the changes needed? For a security purpose. ### Does this PR introduce _any_ user-facing change? Virtually no. ### How was this patch tested? Manually tested. Closes apache#36315 from HyukjinKwon/SPARK-38992. Authored-by: Hyukjin Kwon <gurwls223@apache.org> Signed-off-by: Hyukjin Kwon <gurwls223@apache.org> (cherry picked from commit c83618e) Signed-off-by: Hyukjin Kwon <gurwls223@apache.org>
Mrhs121
pushed a commit
to Kyligence/spark
that referenced
this pull request
Aug 30, 2022
…vider ### What changes were proposed in this pull request? This PR proposes to avoid using `bash -c` in `ShellBasedGroupsMappingProvider`. This could allow users a command injection. ### Why are the changes needed? For a security purpose. ### Does this PR introduce _any_ user-facing change? Virtually no. ### How was this patch tested? Manually tested. Closes apache#36315 from HyukjinKwon/SPARK-38992. Authored-by: Hyukjin Kwon <gurwls223@apache.org> Signed-off-by: Hyukjin Kwon <gurwls223@apache.org>
skhandrikagmail
added a commit
to ravitejarp/spark
that referenced
this pull request
Sep 7, 2022
[SPARK-38992][CORE] Avoid using bash -c in ShellBasedGroupsMappingProvider apache#36315
chenzhx
pushed a commit
to chenzhx/spark
that referenced
this pull request
Sep 9, 2022
…vider ### What changes were proposed in this pull request? This PR proposes to avoid using `bash -c` in `ShellBasedGroupsMappingProvider`. This could allow users a command injection. ### Why are the changes needed? For a security purpose. ### Does this PR introduce _any_ user-facing change? Virtually no. ### How was this patch tested? Manually tested. Closes apache#36315 from HyukjinKwon/SPARK-38992. Authored-by: Hyukjin Kwon <gurwls223@apache.org> Signed-off-by: Hyukjin Kwon <gurwls223@apache.org>
chenzhx
pushed a commit
to Kyligence/spark
that referenced
this pull request
Sep 13, 2022
…vider ### What changes were proposed in this pull request? This PR proposes to avoid using `bash -c` in `ShellBasedGroupsMappingProvider`. This could allow users a command injection. ### Why are the changes needed? For a security purpose. ### Does this PR introduce _any_ user-facing change? Virtually no. ### How was this patch tested? Manually tested. Closes apache#36315 from HyukjinKwon/SPARK-38992. Authored-by: Hyukjin Kwon <gurwls223@apache.org> Signed-off-by: Hyukjin Kwon <gurwls223@apache.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What changes were proposed in this pull request?
This PR proposes to avoid using
bash -cinShellBasedGroupsMappingProvider. This could allow users a command injection.Why are the changes needed?
For a security purpose.
Does this PR introduce any user-facing change?
Virtually no.
How was this patch tested?
Manually tested.