Tighten up script security more #10999

Closed
wants to merge 3 commits into from

@rmuir rmuir commented May 6, 2015

  • make the special codebase /_untrusted instead of /groovy/script,
    so that e.g. scripting plugins can use this if they want.
  • give _untrusted its own section in policy file, we do this by
    giving it a separate file (so as not to have to muck around with
    codebase URLs and break plugins and stuff).
  • protect ES and Lucene packages and only grant the ones we need
    to scripts. (yes it's 6 and too many, but better than 500)
  • other minor cleanups

rmuir commented May 8, 2015

Won't fix. Problem is these scripting APIs in ES need some maturity before I can lock them down. They need to be simpler with more encapsulation, and non-scripting code should not be using them. Otherwise the security would be equally complicated, and I don't want that.

@rmuir rmuir closed this May 8, 2015
@clintongormley clintongormley added the >enhancement and :Delivery/Packaging labels Jun 8, 2015
@mark-vieira mark-vieira added the Team:Delivery label Nov 11, 2020
Labels: :Delivery/Packaging, >enhancement, Team:Delivery, v2.0.0-beta1