Can we trust user servers?

I have a question about the security model of JupyterHub. Are the user servers trusted? For example, I am working on a grading tool, and want to know if it is safe to run some of the grading code in a user server instance.

As far as I understand, first you have the hub process. This launches user servers via spawners, and these in turn run notebook kernels. It is clear that the user can do all kinds of things with the notebook kernels. But can they also manipulate the user server? I think they can because they basically have a shell and the user server runs under the same Linux user. So things like API secrets to report back grades should only live in the hub process, right?

That’s right, the singleuser server runs as the user, which means the user has access to the process. Even if there wasn’t a shell you can execute arbitrary processes and open files with Python or whatever kernel you’re using, so could read the memory space of the process.

If you need to provide access to an authenticated external resource without exposing credentials one option is to write a JupyterHub service that calls the external service on behalf of the user

1 Like

Thanks, using a JupyterHub service works fine!