Uploaded image for project: 'Spark'
  1. Spark
  2. SPARK-26998

spark.ssl.keyStorePassword in plaintext on 'ps -ef' output of executor processes in Standalone mode

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    Description

      Run spark standalone mode, then start a spark-submit requiring at least 1 executor. Do a 'ps -ef' on linux (ie putty terminal) and you will be able to see  spark.ssl.keyStorePassword value in plaintext!

       

      spark.ssl.keyStorePassword and  spark.ssl.keyPassword don't need to be passed to  CoarseGrainedExecutorBackend. Only  spark.ssl.trustStorePassword is used.

       

      Can be resolved if below PR is merged:

      [Github] Pull Request #21514 (tooptoop4)

      Attachments

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            gsomogyi Gabor Somogyi
            toopt4 t oo
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment