Skip to content

chore(SECURITY.md): add more description regarding the UDF security model#4299

Open
bobbai00 wants to merge 9 commits intoapache:mainfrom
bobbai00:claude/update-security-policy-nNITK
Open

chore(SECURITY.md): add more description regarding the UDF security model#4299
bobbai00 wants to merge 9 commits intoapache:mainfrom
bobbai00:claude/update-security-policy-nNITK

Conversation

@bobbai00
Copy link
Contributor

@bobbai00 bobbai00 commented Mar 17, 2026
edited
Loading

What changes were proposed in this PR?

Updated SECURITY.md to provide more detailed guidance on UDF (User-Defined Function) security implications:

  • Added an Important note in the UI Users section clarifying that UDF code is unsandboxed and may access execution environment resources
  • Expanded the Computing Unit Types section with specific details on what UDF code can access (JVM classpath, environment variables, application state)
  • Added Java to the list of supported UDF languages alongside Python, R, and Scala
  • Added "Isolation of application secrets from UDF code" to the What is NOT Guaranteed list
  • Expanded the User Code Execution section to explicitly describe the known limitation around UDF access to sensitive values (e.g., JWT secrets, database credentials)

Any related issues, documentation, discussions?

Discussion: https://lists.apache.org/thread/thtr1817swnxb94z5fqwmkoob5yck4kl

How was this PR tested?

Documentation-only change. No code or tests affected.

Was this PR authored or co-authored using generative AI tooling?

Generated-by: Claude Code (claude-opus-4-6)

@claude
Update SECURITY.md with expanded UDF security details and March 2026 …
57e4adb 
…date

- Add UDF security warning in UI Users section about unsandboxed code execution
- Expand Computing Unit Types with detailed UDF access implications
- Add Java to supported UDF languages throughout
- Add "Isolation of application secrets" to NOT Guaranteed list
- Expand User Code Execution section with known limitation details
- Update Last Updated date to March 2026

https://claude.ai/code/session_01UnG9kQ8oHvtDXPMmouf7z5
@bobbai00 bobbai00 self-assigned this Mar 17, 2026
@bobbai00 bobbai00 added the docs Changes related to documentations label Mar 17, 2026
bobbai00
bobbai00 commented Mar 17, 2026
View reviewed changes
claude and others added 3 commits March 17, 2026 02:11
@claude
Revert formatting and metadata changes per PR review feedback
5f8b662 
- Restore Unicode right single quotation mark in Resources section
- Revert Access Level wording to original phrasing
- Restore trailing space in Deployments section line
- Revert Last Updated date back to November 2025

All substantive UDF security content additions are preserved.

https://claude.ai/code/session_01UnG9kQ8oHvtDXPMmouf7z5
@claude
Restore trailing newline at end of SECURITY.md
1003c19 
Reverts the remaining change flagged in PR review comment on line 272.

https://claude.ai/code/session_01UnG9kQ8oHvtDXPMmouf7z5
@bobbai00
Merge branch 'main' into claude/update-security-policy-nNITK
c178bc0
@chenlica chenlica requested a review from Yicong-Huang March 17, 2026 06:19
chenlica
chenlica approved these changes Mar 17, 2026
View reviewed changes
Copy link
Contributor

@chenlica chenlica left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@Yicong-Huang
Copy link
Contributor

Yicong-Huang commented Mar 17, 2026

Sorry, but why is the change? it is not documented... and I don't know why we are changing it. If there are private context, please provide link in pr description so that ppl with access can read.

@bobbai00
Copy link
Contributor Author

bobbai00 commented Mar 17, 2026

Sorry, but why is the change? it is not documented... and I don't know why we are changing it. If there are private context, please provide link in pr description so that ppl with access can read.

The email thread is attached. Please review the changes introduced in this PR. Thanks.

Yicong-Huang
Yicong-Huang reviewed Mar 17, 2026
View reviewed changes
Yicong-Huang
Yicong-Huang reviewed Mar 17, 2026
View reviewed changes
Yicong-Huang
Yicong-Huang reviewed Mar 17, 2026
View reviewed changes
Yicong-Huang
Yicong-Huang approved these changes Mar 17, 2026
View reviewed changes
Copy link
Contributor

@Yicong-Huang Yicong-Huang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left comments in place. Otherwise, LGTM

claude and others added 2 commits March 17, 2026 21:58
@claude
Address review feedback from Yicong-Huang on SECURITY.md
9683b5d 
- Update Last Updated date to March 2026
- Generalize JVM-specific references to runtime-agnostic language
- Remove specific mentions of JWT secrets and database credentials

https://claude.ai/code/session_01UnG9kQ8oHvtDXPMmouf7z5
@bobbai00
Merge branch 'main' into claude/update-security-policy-nNITK
f2463ea
@carloea2
Copy link
Contributor

carloea2 commented Mar 18, 2026
edited
Loading

I think the line UI Users Access Level: Application-level access only. UI users work within the Texera platform but do not have access to: is misleading. In reality nowadays Texera cannot guarantee UI Regular User cannot do the same as a Deployment Manager. I think we should combine the roles or either be more explicit that Regular UI user is not guarantee to don't be able to behave either as an Admin or even Deployment Manager.

Can we change it to UI Users Access Level: Deployment-level access? or something more explicit?

carloea2
carloea2 suggested changes Mar 18, 2026
View reviewed changes
@Yicong-Huang Yicong-Huang enabled auto-merge (squash) March 18, 2026 07:22
@Yicong-Huang Yicong-Huang disabled auto-merge March 18, 2026 07:23
chenlica and others added 2 commits March 18, 2026 09:09
@chenlica
Merge branch 'main' into claude/update-security-policy-nNITK
2af5a01
@claude
Refine UDF security tone: known limitation with mitigation guidance
6155c28 
Restructure all UDF-related sections to follow a consistent 3-point tone:
1. State that the security model defines distinct roles with different privileges
2. Acknowledge UDFs as a known limitation that can break role boundaries
3. State deployment managers' responsibility to mitigate via sandboxing,
   disallowing in-process (coordinator JVM) UDFs, and role restrictions

https://claude.ai/code/session_01UnG9kQ8oHvtDXPMmouf7z5
@Yicong-Huang
Copy link
Contributor

Yicong-Huang commented Mar 18, 2026

There are too many duplications of the same statement. It's better not to use AI on this kind of document: let's make it less verbose and more concise.

bobbai00
bobbai00 commented Mar 18, 2026
View reviewed changes
SECURITY.md
Texera executes workflows on **computing units**. UI users (REGULAR and ADMIN) can execute arbitrary code (e.g., through
UDFs written in Python, R, Scala) within computing units as part of their workflows. This code is currently not
sandboxed or restricted by Texera. Deployment managers configure which types of computing units are available:
UDFs written in Python, R, Java, Scala) within computing units as part of their workflows. UDF execution is a known limitation that can break the intended privilege boundaries between roles — UDF code may access resources available in the execution environment, such as environment variables, configuration values, and other application state. Deployment managers are responsible for mitigating this risk by applying techniques such as sandboxing UDF execution, disallowing in-process (coordinator JVM) UDFs, and ensuring that only trusted users are granted roles that permit code execution.
Copy link
Contributor Author

@bobbai00 bobbai00 Mar 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

replace in-process UDFs with Java UDFs. Remove the (coordinator JVM)

bobbai00
bobbai00 commented Mar 18, 2026
View reviewed changes
SECURITY.md
- Network and firewall settings
- Container orchestration

**Important**: Texera's security model defines distinct roles with different privilege levels. However, REGULAR and ADMIN users can execute arbitrary code within computing units through User-Defined Functions (UDFs), which is a known limitation that can break the intended role boundaries. UDF code may access resources available in the execution environment, including environment variables, configuration values, and application state. Deployment managers are responsible for mitigating this by applying techniques such as sandboxing UDF execution and disallowing in-process (coordinator JVM) UDFs. See [Deployments and Computing Units](#deployments-and-computing-units) and [What is NOT a Security Issue](#what-is-not-a-security-issue) for more details.
Copy link
Contributor Author

@bobbai00 bobbai00 Mar 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

replace in-process UDFs with Java UDFs. Remove the (coordinator JVM)

Copy link
Contributor Author

@bobbai00 bobbai00 Mar 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fix the what-is-not-a-security-issue link

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Yicong-Huang Yicong-Huang Yicong-Huang approved these changes

@chenlica chenlica chenlica approved these changes

+1 more reviewer

@carloea2 carloea2 carloea2 requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

@bobbai00 bobbai00

Labels

docs Changes related to documentations

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@bobbai00 @Yicong-Huang @carloea2 @chenlica @claude