Merge pull request #11982 from rmuir/grr_bad_defaults

really ban exitVM with security policy
Robert Muir 2015-07-01 17:58:07 -04:00
commit ce900b4d7a
1 changed files with 10 additions and 1 deletions


@ -57,7 +57,16 @@ final class Security {
Policy.setPolicy(new ESPolicy(createPermissions(environment)));
// enable security manager
System.setSecurityManager(new SecurityManager());
System.setSecurityManager(new SecurityManager() {
// we disable this completely, because its granted otherwise:
// 'Note: The "exitVM.*" permission is automatically granted to
// all code loaded from the application class path, thus enabling
// applications to terminate themselves.'
@Override
public void checkExit(int status) {
throw new SecurityException("exit(" + status + ") not allowed by system policy");
}
});
// do some basic tests
selfTest();
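Review bot: The new `checkExit` override refuses every exit request unconditionally, so it binds the application's own code as well as untrusted code. `Runtime.exit` and `Runtime.halt` both consult `checkExit`, so any shutdown or fatal-error path that calls `System.exit` after the manager is installed will now get a `SecurityException` instead of terminating. No such caller is visible in this hunk, so this needs checking against the rest of the codebase. The comment above the override should state that scope and cite its source, e.g. `// denies exit/halt for ALL code, including our own; the quoted note is from the RuntimePermission javadoc`. The `selfTest()` call that follows would be a natural place to assert that an exit attempt is refused, though its body and the rest of the enclosing method lie outside the hunk.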