bobbai00 commented on code in PR #4299: URL: https://github.com/apache/texera/pull/4299#discussion_r2955902288
########## SECURITY.md: ########## @@ -157,8 +159,9 @@ our [wiki](https://github.com/apache/texera/wiki/How-to-run-Texera-on-local-Kube ### Computing Unit Types Texera executes workflows on **computing units**. UI users (REGULAR and ADMIN) can execute arbitrary code (e.g., through -UDFs written in Python, R, Scala) within computing units as part of their workflows. This code is currently not -sandboxed or restricted by Texera. Deployment managers configure which types of computing units are available: +UDFs written in Python, R, Java, Scala) within computing units as part of their workflows. UDF execution is a known limitation that can break the intended privilege boundaries between roles — UDF code may access resources available in the execution environment, such as environment variables, configuration values, and other application state. Deployment managers are responsible for mitigating this risk by applying techniques such as sandboxing UDF execution, disallowing in-process (coordinator JVM) UDFs, and ensuring that only trusted users are granted roles that permit code execution. Review Comment: replace in-process UDFs with Java UDFs. Remove the (coordinator JVM) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
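Review bot: the second removed line, "Deployment managers configure which types of computing units are available:", was the lead-in to the list of computing unit types that follows this paragraph, and the added line does not carry it over, so that list now has no introductory sentence. Suggest keeping it as the closing sentence of the new paragraph (after "...roles that permit code execution."). Also, the mitigation list ("techniques such as sandboxing UDF execution, ...") is not actionable on its own; since the context line already links the wiki page on running Texera on local Kubernetes, pointing readers to the specific configuration that disables code-executing UDF types would make the guidance concrete.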
