From commits-return-21097-archive-asf-public=cust-asf.ponee.io@airflow.incubator.apache.org Thu Sep 6 11:37:04 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id C780E180674 for ; Thu, 6 Sep 2018 11:37:03 +0200 (CEST) Received: (qmail 4414 invoked by uid 500); 6 Sep 2018 09:37:02 -0000 Mailing-List: contact commits-help@airflow.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@airflow.incubator.apache.org Delivered-To: mailing list commits@airflow.incubator.apache.org Received: (qmail 4405 invoked by uid 99); 6 Sep 2018 09:37:02 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 06 Sep 2018 09:37:02 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 862AD1A15E7 for ; Thu, 6 Sep 2018 09:37:02 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -110.301 X-Spam-Level: X-Spam-Status: No, score=-110.301 tagged_above=-999 required=6.31 tests=[ENV_AND_HDR_SPF_MATCH=-0.5, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, USER_IN_DEF_SPF_WL=-7.5, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id EIzXkMeaCzgh for ; Thu, 6 Sep 2018 09:37:01 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 39F3F5F3ED for ; Thu, 6 Sep 2018 09:37:01 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 7C01BE0E1D for ; Thu, 6 Sep 2018 09:37:00 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 39DB026B57 for ; Thu, 6 Sep 2018 09:37:00 +0000 (UTC) Date: Thu, 6 Sep 2018 09:37:00 +0000 (UTC) From: "Ash Berlin-Taylor (JIRA)" To: commits@airflow.incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (AIRFLOW-2283) Explain multi-Tenant security limitations MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/AIRFLOW-2283?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ash Berlin-Taylor updated AIRFLOW-2283: --------------------------------------- Flags: (was: Important) Remaining Estimate: (was: 168h) Original Estimate: (was: 168h) Component/s: (was: webserver) (was: security) (was: scheduler) (was: models) Summary: Explain multi-Tenant security limitations (was: Multi-Tenant security vulnerability) > Explain multi-Tenant security limitations > ----------------------------------------- > > Key: AIRFLOW-2283 > URL: https://issues.apache.org/jira/browse/AIRFLOW-2283 > Project: Apache Airflow > Issue Type: Bug > Affects Versions: 1.8.0 > Environment: Any/All > Reporter: Garrett Summers > Priority: Major > Labels: security > > We noticed what we think to be a potential security vulnerability when importing dag files in the following line: > {{m = imp.load_source(mod_name, filepath)}} > This line in the DagBag.process_file code imports the dag files available, but this causes all of the code in the file to actually execute (which could be any arbitrary code). If the dags for different tenants are being stored in a common dag structure (even though the are filtered for the different tenants) then the arbitrary code execution would make it possible for one tenant to access/modify the dags of other tenants. This would be a major problem for users who utilize the multi-tenant functionality in Airflow. -- This message was sent by Atlassian JIRA (v7.6.3#76005)