Hack around aws security hole of accessing sun.security.ssl, s3 repository works on java 9 again

Today this is really horrible, and we have a PR sent to fix it, but nobody does anything: https://github.com/aws/aws-sdk-java/pull/432 With java 9, we cannot even grant the permission, this kind of sheistiness is not allowed, and s3 repository is completely broken. The problem is their code is still broken, and won't handle neither SecurityException (our PR) nor the new InaccessibleObjectException they will get from java 9. We use a really hacky hack to deliver an exception that their code catches (IllegalAccessException) instead. This means s3 repository is working on java 9, and we close off access to sun.security.ssl completely
2015-09-12 14:16:16 -04:00 · 2015-09-12 14:16:16 -04:00 · 174ca77ebf
parent 0b16552367
commit 174ca77ebf
2 changed files with 28 additions and 2 deletions
--- a/core/src/main/java/org/elasticsearch/bootstrap/ESPolicy.java
+++ b/core/src/main/java/org/elasticsearch/bootstrap/ESPolicy.java
@ -61,7 +61,35 @@ final class ESPolicy extends Policy {
            }
        }

+        // Special handling for broken AWS code which destroys all SSL security
+        // REMOVE THIS when https://github.com/aws/aws-sdk-java/pull/432 is fixed
+        if (permission instanceof RuntimePermission && "accessClassInPackage.sun.security.ssl".equals(permission.getName())) {
+            for (StackTraceElement element : Thread.currentThread().getStackTrace()) {
+                if ("com.amazonaws.http.conn.ssl.SdkTLSSocketFactory".equals(element.getClassName()) &&
+                      "verifyMasterSecret".equals(element.getMethodName())) {
+                    // we found the horrible method: the hack begins!
+                    // force the aws code to back down, by throwing an exception that it catches.
+                    rethrow(new IllegalAccessException("no amazon, you cannot do this."));
+                }
+            }
+        }
        // otherwise defer to template + dynamic file permissions
        return template.implies(domain, permission) || dynamic.implies(permission);
    }
+
+    /**
+     * Classy puzzler to rethrow any checked exception as an unchecked one.
+     */
+    private static class Rethrower<T extends Throwable> {
+        private void rethrow(Throwable t) throws T {
+            throw (T) t;
+        }
+    }
+
+    /**
+     * Rethrows <code>t</code> (identical object).
+     */
+    private void rethrow(Throwable t) {
+        new Rethrower<Error>().rethrow(t);
+    }
 }
--- a/core/src/main/resources/org/elasticsearch/bootstrap/security.policy
+++ b/core/src/main/resources/org/elasticsearch/bootstrap/security.policy
@ -86,8 +86,6 @@ grant {
  // reflection hacks:
  // needed by groovy engine
  permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
-  // needed by aws core sdk (TODO: look into this)
-  permission java.lang.RuntimePermission "accessClassInPackage.sun.security.ssl";
  
  // needed by RandomizedRunner
  permission java.lang.RuntimePermission "accessDeclaredMembers";