Core: Handle security manager permission for deprecation log rolling#37281
Merged
rjernst merged 4 commits intoelastic:masterfrom Jan 10, 2019
Merged
Core: Handle security manager permission for deprecation log rolling#37281rjernst merged 4 commits intoelastic:masterfrom
rjernst merged 4 commits intoelastic:masterfrom
Conversation
When the deprecation log is written to within scripting support code like ScriptDocValues, it runs under the reduces privileges of scripts. Sometimes this can trigger log rolling, which then causes uncaught security errors, as was handled in elastic#28485. While doing individual deprecation handling within each deprecation scripting location is possible, there are a growing number of deprecations in scripts. This commit wraps the logging call within the deprecation logger use a doPrivileged block, just was we would within individual logging call sites for scripting utilities.
jdconrad
reviewed
Jan 9, 2019
|
|
||
| if (log) { | ||
| logger.warn(message, params); | ||
| AccessController.doPrivileged((PrivilegedAction<Void>)() -> { |
Contributor
There was a problem hiding this comment.
Do we want this to be wrapped in a doPrivileged block for all calls or just for ones made from scripts?
Member
Author
There was a problem hiding this comment.
I think all callers is fine. It is essentially a noop for other callers, since they already run with at least the permissions of the server jar. Scripts are the only place with reduced privileges.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When the deprecation log is written to within scripting support code
like ScriptDocValues, it runs under the reduces privileges of scripts.
Sometimes this can trigger log rolling, which then causes uncaught
security errors, as was handled in #28485. While doing individual
deprecation handling within each deprecation scripting location is
possible, there are a growing number of deprecations in scripts.
This commit wraps the logging call within the deprecation logger use a
doPrivileged block, just was we would within individual logging call
sites for scripting utilities.