Introduce secure security manager to project#28453
Closed
jasontedor wants to merge 5 commits intoelastic:masterfrom
Closed
Introduce secure security manager to project#28453jasontedor wants to merge 5 commits intoelastic:masterfrom
jasontedor wants to merge 5 commits intoelastic:masterfrom
Conversation
This commit adds an assertion to the TestSecureSM#testNoModifySibling test that sanity checks that the second child was actually interrupted and therefore actually attempted to interrupt the first child.
Today, SecureSM has a mechanism that enables a hardcoded list of test packages to exit if the SecureSM instance is constructed with a boolean flag indicating that these packages will be permitted to exit. This commit replaces this mechanism by allowing the SecureSM instance to be constructed with a whitelist of packages that can exit. Relates elastic#4
Today a SecureSM security manager allows defining a list of packages that can exit the VM. However, today there are no restrictions on defining a package inside another JAR. This commit strengthens the ability to prevent exit by allowing construction of SecureSM to be done with a list of regular expressions (instead of a list of prefix names) that classes will be tested against. With this, a security manager can be installed that permits only exiting from an exact list of classes. Relates elastic#5
4d65b39 to
9f55409
Compare
rjernst
reviewed
Jan 31, 2018
Member
rjernst
left a comment
There was a problem hiding this comment.
This looks good, but I think there are 2 other changes necessary:
- Modify the security policy to use the new jar name (I think that is why CI failed)
- Modify
BootstrapForTestingto make it work in intellij (see the line for plugin-classloader there)
libs/secure-sm/build.gradle
Outdated
Member
Author
|
Thanks @rjernst. I force pushed a commit addressing your comments. I know we do not like force pushes in reviews but I force pushed here because we want to merge all the commits in this PR into master so as to preserve the original history of securesm. Adding more commits on top of my initial commit here would have a lot of other commits coming along for the ride that we do not want, we want only the original history from securesm and exactly one commit integrating securesm into elasticsearch. |
This commit migrates SecureSM, our secure security manager implementation, from its own repository to being a sub-project of Elasticsearch.
Member
Author
|
Closed via 1b3d529 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This commit migrates SecureSM, our secure security manager implementation, from its own repository to being a sub-project of Elasticsearch.