Merge pull request elastic/elasticsearch#1001 from rmuir/lock_down_system_property_writes

Ban write access to system properties

Original commit: elastic/x-pack-elasticsearch@919cf17b14
Robert Muir 2015-11-22 11:28:32 -05:00
commit 82d9247efe
4 changed files with 40 additions and 0 deletions


@ -5,6 +5,7 @@
*/
package org.elasticsearch.shield;
import org.elasticsearch.SpecialPermission;
import org.elasticsearch.action.ActionModule;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.support.Headers;
@ -53,6 +54,8 @@ import org.elasticsearch.transport.TransportModule;
import java.io.Closeable;
import java.nio.file.Path;
import java.util.*;
import java.security.AccessController;
import java.security.PrivilegedAction;
/**
*
@ -71,6 +74,35 @@ public class ShieldPlugin extends Plugin {
private final boolean clientMode;
private ShieldLicenseState shieldLicenseState;
// TODO: clean up this library to not ask for write access to all system properties!
static {
// invoke this clinit in unbound with permissions to access all system properties
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new SpecialPermission());
}
try {
AccessController.doPrivileged(new PrivilegedAction<Void>() {
@Override
public Void run() {
try {
Class.forName("com.unboundid.util.Debug");
} catch (ClassNotFoundException e) {
throw new RuntimeException(e);
}
return null;
}
});
// TODO: fix gradle to add all shield resources (plugin metadata) to test classpath
// of watcher plugin, which depends on it directly. This prevents these plugins
// from being initialized correctly by the test framework, and means we have to
// have this leniency.
} catch (ExceptionInInitializerError bogus) {
if (bogus.getCause() instanceof SecurityException == false) {
throw bogus; // some other bug
}
}
}
public ShieldPlugin(Settings settings) {
this.settings = settings;
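Review bot: The `catch (ExceptionInInitializerError bogus)` branch that closes the static block swallows a `SecurityException` cause silently, and nothing limits it to the test-classpath case the TODO describes. If the plugin's policy grant is missing or not applied on a real node, `com.unboundid.util.Debug` is left in a failed-initialization state, and its first later use would surface as a `NoClassDefFoundError` far from the actual cause. I would log a warning in that branch with whatever logger the class has available, for example `"unboundid Debug could not be initialized under the security manager; LDAP realms may fail"`, so the denied permission is visible to operators. The `instanceof SecurityException == false` test would also read more clearly as `!(bogus.getCause() instanceof SecurityException)`. The enclosing class continues outside the section.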


@ -0,0 +1,4 @@
grant {
// needed because of problems in unbound LDAP library
permission java.util.PropertyPermission "*", "read,write";
};
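Review bot: The `grant` block has no `codeBase`, so `PropertyPermission "*", "read,write"` goes to every class this policy applies to rather than only to the unboundid jar, and the wildcard covers security-relevant properties along with whatever the library needs. If the plugin policy loader supports it, scope the grant to the library's jar. Otherwise the comment should record what is actually required, e.g. `// unboundid's com.unboundid.util.Debug asks for write access to all system properties in its static initializer; narrow "*" once the exact property names are known`. Code run inside the `doPrivileged` block in ShieldPlugin exercises this write access on behalf of less-privileged callers, so that block should stay as small as it is now.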


@ -7,6 +7,7 @@ package org.elasticsearch.watcher;
import org.elasticsearch.Version;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.license.plugin.LicensePlugin;
import org.elasticsearch.node.MockNode;
import org.elasticsearch.node.Node;
@ -23,6 +24,7 @@ import java.util.concurrent.CountDownLatch;
*/
public class WatcherF {
@SuppressForbidden(reason = "not really code or a test")
public static void main(String[] args) throws Throwable {
Settings.Builder settings = Settings.builder();
settings.put("http.cors.enabled", "true");
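Review bot: The reason string `"not really code or a test"` on `main` does not say which forbidden API is being suppressed, so a reader cannot tell what the annotation is permitted to hide. The same text is added on `WatcherScheduleEngineBenchmark.main`, where the call in question appears to be `System.setProperty("es.logger.prefix", "")`. Name the API in the reason, e.g. `@SuppressForbidden(reason = "dev-only launcher, sets system properties")`, if that is in fact the suppressed call here. Because the annotation covers the whole method, any forbidden call added to `main` later is exempt too; moving the one call into a small annotated helper would keep the suppression narrow. The body of `main` continues outside the section.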


@ -13,6 +13,7 @@ import org.elasticsearch.action.search.SearchRequest;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.client.Client;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.metrics.MeanMetric;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.ByteSizeValue;
@ -63,6 +64,7 @@ public class WatcherScheduleEngineBenchmark {
.put("http.cors.enabled", true)
.build();
@SuppressForbidden(reason = "not really code or a test")
public static void main(String[] args) throws Exception {
System.setProperty("es.logger.prefix", "");