Remove Environment.homeFile()

Today we grant read+write+delete access to any files underneath the home.
But we have to remove this, if we want to have improved security of files
underneath elasticsearch.
This commit is contained in:
Robert Muir 2015-07-20 20:27:36 -04:00
parent 4e2bdb67b7
commit 052cf1446f
6 changed files with 29 additions and 21 deletions

View File

@ -117,11 +117,11 @@ final class Security {
/** returns dynamic Permissions to configured paths */
static Permissions createPermissions(Environment environment) throws IOException {
// TODO: improve test infra so we can reduce permissions where read/write
// is not really needed...
Permissions policy = new Permissions();
// read-only dirs
addPath(policy, environment.binFile(), "read,readlink");
addPath(policy, environment.libFile(), "read,readlink");
addPath(policy, environment.tmpFile(), "read,readlink,write,delete");
addPath(policy, environment.homeFile(), "read,readlink,write,delete");
addPath(policy, environment.configFile(), "read,readlink,write,delete");
addPath(policy, environment.logsFile(), "read,readlink,write,delete");
addPath(policy, environment.pluginsFile(), "read,readlink,write,delete");

View File

@ -45,8 +45,6 @@ public class Environment {
private final Settings settings;
private final Path homeFile;
private final Path[] dataFiles;
private final Path[] dataWithClusterFiles;
@ -57,6 +55,12 @@ public class Environment {
private final Path pluginsFile;
/** location of bin/, used by plugin manager */
private final Path binFile;
/** location of lib/, */
private final Path libFile;
private final Path logsFile;
/** Path to the PID file (can be null if no PID file is configured) **/
@ -83,6 +87,7 @@ public class Environment {
public Environment(Settings settings) {
this.settings = settings;
final Path homeFile;
if (settings.get("path.home") != null) {
homeFile = PathUtils.get(cleanPath(settings.get("path.home")));
} else {
@ -133,6 +138,9 @@ public class Environment {
} else {
pidFile = null;
}
binFile = homeFile.resolve("bin");
libFile = homeFile.resolve("lib");
}
/**
@ -142,13 +150,6 @@ public class Environment {
return this.settings;
}
/**
* The home of the installation.
*/
public Path homeFile() {
return homeFile;
}
/**
* The data location.
*/
@ -236,6 +237,14 @@ public class Environment {
return pluginsFile;
}
public Path binFile() {
return binFile;
}
public Path libFile() {
return libFile;
}
public Path logsFile() {
return logsFile;
}

View File

@ -140,8 +140,8 @@ public class Node implements Releasable {
if (logger.isDebugEnabled()) {
Environment env = tuple.v2();
logger.debug("using home [{}], config [{}], data [{}], logs [{}], plugins [{}]",
env.homeFile(), env.configFile(), Arrays.toString(env.dataFiles()), env.logsFile(), env.pluginsFile());
logger.debug("using config [{}], data [{}], logs [{}], plugins [{}]",
env.configFile(), Arrays.toString(env.dataFiles()), env.logsFile(), env.pluginsFile());
}
this.pluginsService = new PluginsService(tuple.v1(), tuple.v2());

View File

@ -733,7 +733,7 @@ public class PluginManager {
}
Path binDir(Environment env) {
return env.homeFile().resolve("bin").resolve(name);
return env.binFile().resolve(name);
}
Path configDir(Environment env) {

View File

@ -53,7 +53,7 @@ public class SecurityTests extends ElasticsearchTestCase {
}
// the fake es home
assertTrue(permissions.implies(new FilePermission(esHome.toString(), "read")));
assertFalse(permissions.implies(new FilePermission(esHome.toString(), "read")));
// its parent
assertFalse(permissions.implies(new FilePermission(path.toString(), "read")));
// some other sibling
@ -88,9 +88,8 @@ public class SecurityTests extends ElasticsearchTestCase {
}
// check that all directories got permissions:
// homefile: this is needed unless we break out rules for "lib" dir.
// TODO: make read-only
assertTrue(permissions.implies(new FilePermission(environment.homeFile().toString(), "read,readlink,write,delete")));
assertTrue(permissions.implies(new FilePermission(environment.binFile().toString(), "read")));
assertTrue(permissions.implies(new FilePermission(environment.libFile().toString(), "read")));
// config file
// TODO: make read-only
assertTrue(permissions.implies(new FilePermission(environment.configFile().toString(), "read,readlink,write,delete")));

View File

@ -85,7 +85,7 @@ public class PluginManagerTests extends ElasticsearchIntegrationTest {
String pluginName = "plugin-test";
Tuple<Settings, Environment> initialSettings = buildInitialSettings();
Environment env = initialSettings.v2();
Path binDir = env.homeFile().resolve("bin");
Path binDir = env.binFile();
if (!Files.exists(binDir)) {
Files.createDirectories(binDir);
}
@ -212,7 +212,7 @@ public class PluginManagerTests extends ElasticsearchIntegrationTest {
String pluginName = "plugin-test";
Tuple<Settings, Environment> initialSettings = buildInitialSettings();
Environment env = initialSettings.v2();
Path binDir = env.homeFile().resolve("bin");
Path binDir = env.binFile();
if (!Files.exists(binDir)) {
Files.createDirectories(binDir);
}