
Restrict createClassLoader to modules (#67127)

Creating classloaders is not something plugins really need to do. It is
only necessary for cases of loading dynamic code, which we do within
painless. This commit restricts this permission to modules.
Ryan Ernst 4 years ago
parent
commit
37c55efbc7

+ 1 - 1
distribution/tools/plugin-cli/src/test/java/org/elasticsearch/plugins/InstallPluginCommandTests.java

@@ -1466,7 +1466,7 @@ public class InstallPluginCommandTests extends ESTestCase {
     public void testPolicyConfirmation() throws Exception {
         Tuple<Path, Environment> env = createEnv(fs, temp);
         Path pluginDir = createPluginDir(temp);
-        writePluginSecurityPolicy(pluginDir, "createClassLoader", "setFactory");
+        writePluginSecurityPolicy(pluginDir, "getClassLoader", "setFactory");
         String pluginZip = createPluginUrl("fake", pluginDir);
 
         assertPolicyConfirmation(env, pluginZip, "plugin requires additional permissions");

+ 1 - 1
qa/evil-tests/src/test/java/org/elasticsearch/bootstrap/PolicyUtilTests.java

@@ -214,7 +214,6 @@ public class PolicyUtilTests extends ESTestCase {
         "java.io.FilePermission /foo/bar read",
 
         "java.lang.reflect.ReflectPermission suppressAccessChecks",
-        "java.lang.RuntimePermission createClassLoader",
         "java.lang.RuntimePermission getClassLoader",
         "java.lang.RuntimePermission setContextClassLoader",
         "java.lang.RuntimePermission setFactory",
@@ -274,6 +273,7 @@ public class PolicyUtilTests extends ESTestCase {
 
     static final List<String> MODULE_TEST_PERMISSIONS = List.of(
         "java.io.FilePermission /foo/bar write",
+        "java.lang.RuntimePermission createClassLoader",
         "java.lang.RuntimePermission getFileStoreAttributes",
         "java.lang.RuntimePermission accessUserInformation"
     );

+ 1 - 1
qa/evil-tests/src/test/java/org/elasticsearch/plugins/PluginSecurityTests.java

@@ -54,7 +54,7 @@ public class PluginSecurityTests extends ESTestCase {
         Set<String> actual = PluginSecurity.getPermissionDescriptions(info, scratch);
         assertThat(actual, containsInAnyOrder(
             PluginSecurity.formatPermission(new RuntimePermission("getClassLoader")),
-            PluginSecurity.formatPermission(new RuntimePermission("createClassLoader"))));
+            PluginSecurity.formatPermission(new RuntimePermission("setFactory"))));
     }
 
     /** Test that we can format some simple permissions properly */

+ 1 - 1
qa/evil-tests/src/test/resources/org/elasticsearch/plugins/security/complex-plugin-security.policy

@@ -9,5 +9,5 @@
 grant {
   // needed to cause problems
   permission java.lang.RuntimePermission "getClassLoader";
-  permission java.lang.RuntimePermission "createClassLoader";
+  permission java.lang.RuntimePermission "setFactory";
 };

+ 1 - 1
server/src/main/java/org/elasticsearch/bootstrap/PolicyUtil.java

@@ -95,7 +95,6 @@ public class PolicyUtil {
             createFilePermission("<<ALL FILES>>", "read"),
 
             new ReflectPermission("suppressAccessChecks"),
-            new RuntimePermission("createClassLoader"),
             new RuntimePermission("getClassLoader"),
             new RuntimePermission("setContextClassLoader"),
             new RuntimePermission("setFactory"),
@@ -163,6 +162,7 @@ public class PolicyUtil {
         // but that we do not think plugins in general should need.
         List<Permission> modulePermissions = List.of(
             createFilePermission("<<ALL FILES>>", "read,write"),
+            new RuntimePermission("createClassLoader"),
             new RuntimePermission("getFileStoreAttributes"),
             new RuntimePermission("accessUserInformation"),
             new AuthPermission("modifyPrivateCredentials")
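Review bot: The reason createClassLoader is module-only is stated in the commit message but not in the code; the comment above `modulePermissions` at line 82 is generic, so the new entry on line 85 should carry its own why, e.g. `// defining classes at runtime is only needed by modules that load dynamic code (painless); plugins do not get this`. The plugin permission list that the first hunk removes from begins before the hunk, so I cannot see whether its doc comment still mentions classloader creation; if it does, it needs the same update. If plugin policy validation rejects permissions outside that list (which the split into plugin and module sets in PolicyUtilTests suggests), third-party plugins that currently declare createClassLoader will stop installing, and that deserves a breaking-changes note alongside this commit.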

+ 1 - 1
x-pack/qa/security-example-spi-extension/src/main/java/org/elasticsearch/example/ExampleSecurityExtension.java

@@ -37,7 +37,7 @@ public class ExampleSecurityExtension implements SecurityExtension {
     static {
         // check that the extension's policy works.
         AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
-            System.getSecurityManager().checkCreateClassLoader();
+            System.getSecurityManager().checkPropertyAccess("myproperty");
             return null;
         });
     }
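Review bot: The property checked on line 98 (`myproperty`) does not match the one granted in plugin-security.policy on line 110 (`foobar`), so unless read access to `myproperty` is granted by some other policy, `checkPropertyAccess` will throw inside the static initializer and the class will fail with ExceptionInInitializerError when loaded. Either the check should read `System.getSecurityManager().checkPropertyAccess("foobar");` or the policy should grant `permission java.util.PropertyPermission "myproperty", "read";`; the same mismatch applies to the plugin-security.policy section below. The policy comment `// example security manager permission` could also name the class that exercises it, so the two files stay in sync on the next change.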

+ 1 - 1
x-pack/qa/security-example-spi-extension/src/main/plugin-metadata/plugin-security.policy

@@ -1,4 +1,4 @@
 grant {
   // example security manager permission
-  permission java.lang.RuntimePermission "createClassLoader";
+  permission java.util.PropertyPermission "foobar", "read";
 };