Merge pull request #11982 from rmuir/grr_bad_defaults

really ban exitVM with security policy
elastic · Jul 1, 2015 · ce900b4 · ce900b4
2 parents 6021bd8 + 5aa5c98
commit ce900b4
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/core/src/main/java/org/elasticsearch/bootstrap/Security.java b/core/src/main/java/org/elasticsearch/bootstrap/Security.java
@@ -57,7 +57,16 @@ static void configure(Environment environment) throws Exception {
         Policy.setPolicy(new ESPolicy(createPermissions(environment)));
 
         // enable security manager
-        System.setSecurityManager(new SecurityManager());
+        System.setSecurityManager(new SecurityManager() {
+            // we disable this completely, because its granted otherwise:
+            // 'Note: The "exitVM.*" permission is automatically granted to
+            // all code loaded from the application class path, thus enabling
+            // applications to terminate themselves.'
+            @Override
+            public void checkExit(int status) {
+                throw new SecurityException("exit(" + status + ") not allowed by system policy");
+            }
+        });
 
         // do some basic tests
         selfTest();