From 174ca77ebfe82548f8356ca0120cad1aa8eb259f Mon Sep 17 00:00:00 2001
From: Robert Muir
Date: Sat, 12 Sep 2015 14:16:16 -0400
Subject: [PATCH] Hack around aws security hole of accessing sun.security.ssl, s3 repository works on java 9 again Today this is really horrible, and we have a PR sent to fix it, but nobody does anything: https://github.com/aws/aws-sdk-java/pull/432 With java 9, we cannot even grant the permission, this kind of sheistiness is not allowed, and s3 repository is completely broken. The problem is their code is still broken, and won't handle neither SecurityException (our PR) nor the new InaccessibleObjectException they will get from java 9. We use a really hacky hack to deliver an exception that their code catches (IllegalAccessException) instead. This means s3 repository is working on java 9, and we close off access to sun.security.ssl completely
---
 .../org/elasticsearch/bootstrap/ESPolicy.java | 28 +++++++++++++++++++
 .../elasticsearch/bootstrap/security.policy | 2 --
 2 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/core/src/main/java/org/elasticsearch/bootstrap/ESPolicy.java b/core/src/main/java/org/elasticsearch/bootstrap/ESPolicy.java
index 4f204966875..fdc0d4e4acd 100644
--- a/core/src/main/java/org/elasticsearch/bootstrap/ESPolicy.java
+++ b/core/src/main/java/org/elasticsearch/bootstrap/ESPolicy.java
@@ -61,7 +61,35 @@ final class ESPolicy extends Policy {
 }
 }
+ // Special handling for broken AWS code which destroys all SSL security
+ // REMOVE THIS when https://github.com/aws/aws-sdk-java/pull/432 is fixed
+ if (permission instanceof RuntimePermission && "accessClassInPackage.sun.security.ssl".equals(permission.getName())) {
+ for (StackTraceElement element : Thread.currentThread().getStackTrace()) {
+ if ("com.amazonaws.http.conn.ssl.SdkTLSSocketFactory".equals(element.getClassName()) &&
+ "verifyMasterSecret".equals(element.getMethodName())) {
+ // we found the horrible method: the hack begins!
+ // force the aws code to back down, by throwing an exception that it catches.
+ rethrow(new IllegalAccessException("no amazon, you cannot do this."));
+ }
+ }
+ }
 // otherwise defer to template + dynamic file permissions
 return template.implies(domain, permission) || dynamic.implies(permission);
 }
+
+ /**
+ * Classy puzzler to rethrow any checked exception as an unchecked one.
+ */
+ private static class Rethrower {
+ private void rethrow(Throwable t) throws T {
+ throw (T) t;
+ }
+ }
+
+ /**
+ * Rethrows t (identical object).
+ */
+ private void rethrow(Throwable t) {
+ new Rethrower().rethrow(t);
+ }
 }
diff --git a/core/src/main/resources/org/elasticsearch/bootstrap/security.policy b/core/src/main/resources/org/elasticsearch/bootstrap/security.policy
index aa88fba02e5..befeef41bbd 100644
--- a/core/src/main/resources/org/elasticsearch/bootstrap/security.policy
+++ b/core/src/main/resources/org/elasticsearch/bootstrap/security.policy
@@ -86,8 +86,6 @@ grant {
 // reflection hacks:
 // needed by groovy engine
 permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
- // needed by aws core sdk (TODO: look into this)
- permission java.lang.RuntimePermission "accessClassInPackage.sun.security.ssl";
 // needed by RandomizedRunner
 permission java.lang.RuntimePermission "accessDeclaredMembers";
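Review bot: In the ESPolicy.java hunk, the new `accessClassInPackage.sun.security.ssl` branch recognises its caller only by class-name and method-name strings taken from the stack trace, which is safe here solely because the branch can only deny, and the comment above it should say so. Something like `// deny-only: frame names are not proof of caller identity, never use this match to return true` would keep a later maintainer from reusing the pattern to grant a permission. Any caller that does not match falls through to `template.implies(domain, permission) || dynamic.implies(permission)`, so the fail-closed result depends on the grant removed from security.policy staying removed; a test that asserts the permission is refused would pin that. The match is also tied to the SDK's current `SdkTLSSocketFactory.verifyMasterSecret` name, so a rename upstream would presumably replace the `IllegalAccessException` with the ordinary policy denial, and the comment could record that as the expected failure mode. As a style point, `rethrow(Throwable)` reads no instance state and could be declared `private static`.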