spark-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcelo Vanzin (JIRA)" <>
Subject [jira] [Assigned] (SPARK-16501) spark.mesos.secret exposed on UI and command line
Date Fri, 09 Feb 2018 19:39:00 GMT


Marcelo Vanzin reassigned SPARK-16501:

    Assignee: Rob Vesse  (was: Marcelo Vanzin)

> spark.mesos.secret exposed on UI and command line
> -------------------------------------------------
>                 Key: SPARK-16501
>                 URL:
>             Project: Spark
>          Issue Type: Improvement
>          Components: Spark Submit, Web UI
>    Affects Versions: 1.6.2
>            Reporter: Eric Daniel
>            Assignee: Rob Vesse
>            Priority: Major
>              Labels: security
>             Fix For: 2.4.0
> There are two related problems with spark.mesos.secret:
> 1) The web UI shows its value in the "environment" tab
> 2) Passing it as a command-line option to spark-submit (or creating a SparkContext from
python, with the effect of launching spark-submit)  exposes it to "ps"
> I'll be happy to submit a patch but I could use some advice first.
> The first problem is easy enough, just don't show that value in the UI
> For the second problem, I'm not sure what the best solution is. A "spark.mesos.secret-file"
parameter would let the user store the secret in a non-world-readable file. Alternatively,
the mesos secret could be obtained from the environment, which other users don't have access
to.  Either solution would work in client mode, but I don't know if they're workable in cluster

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message