honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove stale permissions from untrusted policy (#44783) 

We have some old permissions lying around, granted to untrusted code
from the days of yore when we supported Groovy and Javascript
scripting. This commit removes these stale permissions.
This commit is contained in:
Jason Tedor 2019-07-23 23:55:17 -07:00
parent 659ebf6cfb
commit 4c77d5e2c7
No known key found for this signature in database
GPG Key ID: FA89F05560F16BC5
1 changed files with 0 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
server/src/main/resources/org/elasticsearch/bootstrap/untrusted.policy
View File

@ -22,16 +22,6 @@
* This is what is needed for basic functionality to work.
*/
grant {
// groovy IndyInterface bootstrap requires this property for indy logging
permission java.util.PropertyPermission "groovy.indy.logging", "read";
// groovy requires this to enable workaround for certain JVMs (https://github.com/apache/groovy/pull/137)
permission java.util.PropertyPermission "java.vm.name", "read";
permission java.util.PropertyPermission "groovy.use.classvalue", "read";
// needed by Rhino engine exception handling
permission java.util.PropertyPermission "rhino.stack.style", "read";
// needed IndyInterface selectMethod (setCallSiteTarget)
// TODO: clean this up / only give it to engines that really must have it
permission java.lang.RuntimePermission "getClassLoader";