Livy sessions/batches are not secured. Any user can stop another user session/batch


Prabhu Kasinathan

Dec 7, 2016, 4:53:31 PM
to Livy Development

Dev,

Livy sessions or batches are not currently secured, i.e. User A can start a session or batch and User B can submit code to the session started by User A or even stop that session. This is a critical issue on a secured cluster: when User A has sensitive data access, there is a chance that User B can access those sensitive datasets through User A's session.

Please let me know how we can handle this one.

Here is an example from our secured cluster.


# Starting session from user "prabhu"

curl --silent --negotiate -u:prabhu localhost:8998/sessions -X POST -H 'Content-Type: application/json' -d '{
  "kind":"scala",
  "proxyUser":"prabhu",
  "name":"Testing"
}' | python -m json.tool

{
    "id": 371,
    "appId": null,
    "owner": "prabhu",
    "proxyUser": "prabhu",
    "state": "starting",
    "kind": "spark",
    "appInfo": {
        "driverLogUrl": null,
        "sparkUiUrl": null
    },
    "log": []
}

# Executing code to above session by some other user "don"

curl --silent --negotiate -u:don localhost:8998/sessions/371/statements -X POST -H 'Content-Type: application/json' -d '{
  "code":"sc.applicationId"
}' | python -m json.tool
{
    "id": 0,
    "state": "available",
    "output": {
        "status": "ok",
        "execution_count": 0,
        "data": {
            "text/plain": "res0: String = application_1476926173701_398436"
        }
    }
}

# Stopping above session by different user "john" this time

curl --silent --negotiate -u:john localhost:8998/sessions/371 -X DELETE | python -m json.tool
{
    "msg": "deleted"
}


Thanks
Prabhu
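
The missing check that the post above describes, as an added example (not Livy's own code and not from the poster): an owner-based authorization function for Livy REST paths, replayed over the three requests from the thread. The session table, the request list and the function names are constructed for illustration; a real fix would live in Livy's request handling and also filter session listings by owner.

```python
"""Owner-based access check for Livy session/batch requests (added example)."""
import re
from typing import Dict, FrozenSet, List, Tuple

# Matches /sessions/371, /sessions/371/statements, /batches/12/log, ...
_RESOURCE_RE = re.compile(r"^/(sessions|batches)/(\d+)(?:/.*)?$")

# Constructed session table: id -> owner (the "owner" field Livy returns).
SESSIONS: Dict[int, str] = {371: "prabhu"}


def authorize(user: str, method: str, path: str,
              sessions: Dict[int, str] = SESSIONS,
              admins: FrozenSet[str] = frozenset()) -> Tuple[bool, str]:
    """Return (allowed, reason) for a request by an authenticated user.

    Collection endpoints (POST /sessions to create, GET /sessions to list)
    stay open to any authenticated user; anything addressing a specific
    session or batch is allowed only to its owner or a configured admin.
    """
    m = _RESOURCE_RE.match(path)
    if m is None:
        return True, f"{method} on collection endpoint"
    kind, session_id = m.group(1)[:-1], int(m.group(2))
    owner = sessions.get(session_id)
    if owner is None:
        return False, f"unknown {kind} {session_id}"
    if user == owner:
        return True, "owner"
    if user in admins:
        return True, "admin"
    return False, f"{user} is not owner of {kind} {session_id} (owner={owner})"


# Constructed replay of the three requests shown in the thread.
REQUESTS: List[Tuple[str, str, str]] = [
    ("prabhu", "POST", "/sessions"),
    ("don", "POST", "/sessions/371/statements"),
    ("john", "DELETE", "/sessions/371"),
]


def audit(requests=REQUESTS, sessions=SESSIONS, admins=frozenset()):
    """Run requests through the check; return those that should be denied."""
    denied = []
    for user, method, path in requests:
        allowed, reason = authorize(user, method, path, sessions, admins)
        if not allowed:
            denied.append((user, method, path, reason))
    return denied


if __name__ == "__main__":
    for entry in audit():
        print("DENY", *entry)
```

With the check in place, the statement submission by "don" and the DELETE by "john" are both refused, while "prabhu" keeps full control of session 371.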

Prabhu Kasinathan

Jan 9, 2017, 9:34:43 PM
to Livy Development
Any thoughts?

If it's a bug/improvement, let us know so we can file a Jira ticket and work on enhancements to fix it.

Thanks
Prabhu

Saisai Shao

Jan 9, 2017, 9:48:32 PM
to Prabhu Kasinathan, Livy Development
Yes, I think it is because the current Livy lacks an ACL mechanism, which means all authenticated users have equal permissions on all sessions; we definitely should improve this. I remember there's a similar JIRA about this.


Prabhu Kasinathan

Jan 9, 2017, 11:37:06 PM
to Saisai Shao, Livy Development
Thanks for the confirmation.

Meisam, please check this feature/ticket.