Introduce secure security manager to project #28453

Closed
wants to merge 5 commits into from

@jasontedor
Member

commented Jan 31, 2018

This commit migrates SecureSM, our secure security manager implementation, from its own repository to being a sub-project of Elasticsearch.

rmuir and others added some commits Oct 29, 2015

Add sanity interruption assertion
This commit adds an assertion to the TestSecureSM#testNoModifySibling
test that sanity checks that the second child was actually interrupted
and therefore actually attempted to interrupt the first child.

Allow whitelist of packages that can exit
Today, SecureSM has a mechanism that enables a hardcoded list of test
packages to exit if the SecureSM instance is constructed with a boolean
flag indicating that these packages will be permitted to exit. This
commit replaces this mechanism by allowing the SecureSM instance to be
constructed with a whitelist of packages that can exit.

Relates #4

Tighten which classes can exit
Today a SecureSM security manager allows defining a list of packages
that can exit the VM. However, today there are no restrictions on
defining a package inside another JAR. This commit strengthens the
ability to prevent exit by allowing construction of SecureSM to be done
with a list of regular expressions (instead of a list of prefix names)
that classes will be tested against. With this, a security manager can
be installed that permits only exiting from an exact list of classes.

Relates #5
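
The difference between the prefix list and the class-name regular expressions described in the "Tighten which classes can exit" commit message, as an added example that is not SecureSM's code or part of this pull request. The class `ExitAllowListDemo`, its methods, the `org.example.*` names and the stack-walking approach are assumptions made for illustration, and no security manager is installed.

```java
import java.util.List;
import java.util.regex.Pattern;

// Added illustration; every name below is hypothetical, not SecureSM's API.
public class ExitAllowListDemo {
    // Prefix rule: any class in an allowed package may exit, whichever JAR defined it.
    static boolean prefixAllows(List<String> prefixes, String className) {
        return className != null && prefixes.stream().anyMatch(className::startsWith);
    }

    // Regex rule: the whole class name must match (matches(), not find()),
    // so a pattern naming one class admits exactly that class.
    static boolean regexAllows(List<Pattern> patterns, String className) {
        return className != null && patterns.stream().anyMatch(p -> p.matcher(className).matches());
    }

    // Assumed approach: the class asking to exit is the first frame below the
    // java.lang.System / java.lang.Runtime exit frames (stack is innermost first).
    static String exitCaller(StackTraceElement[] stack) {
        boolean sawExit = false;
        for (StackTraceElement f : stack) {
            String c = f.getClassName();
            boolean jdkExit = (c.equals("java.lang.System") || c.equals("java.lang.Runtime"))
                    && (f.getMethodName().equals("exit") || f.getMethodName().equals("halt"));
            if (jdkExit) sawExit = true;
            else if (sawExit) return c;
        }
        return null; // no exit call on the stack; both rules above reject null
    }

    static StackTraceElement[] stackFor(String caller) { // constructed sample stack
        return new StackTraceElement[] {
            new StackTraceElement("java.lang.Runtime", "exit", "Runtime.java", 1),
            new StackTraceElement("java.lang.System", "exit", "System.java", 1),
            new StackTraceElement(caller, "run", "Sample.java", 1),
        };
    }

    public static void main(String[] args) {
        List<String> prefixes = List.of("org.example.runner.");
        List<Pattern> patterns = List.of(Pattern.compile("org\\.example\\.runner\\.Main"));
        // Main is the intended exiter; Helper stands for a class another JAR defined in the same package.
        for (String cls : List.of("org.example.runner.Main", "org.example.runner.Helper", "org.example.app.Job")) {
            String caller = exitCaller(stackFor(cls));
            System.out.printf("%-28s prefix=%-5b regex=%b%n", caller,
                    prefixAllows(prefixes, caller), regexAllows(patterns, caller));
        }
    }
}
```

The prefix rule accepts both `Main` and `Helper` because they share a package name, while the regex rule accepts only the one class its pattern names.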

@jasontedor jasontedor requested a review from rjernst Jan 31, 2018

@jasontedor jasontedor force-pushed the jasontedor:secure-sm branch 8 times, most recently Jan 31, 2018

@rjernst
Member

left a comment

This looks good, but I think there are 2 other changes necessary:

  1. Modify the security policy to use the new jar name (I think that is why CI failed)
  2. Modify BootstrapForTesting to make it work in IntelliJ (see the line for plugin-classloader there)

libs/secure-sm/build.gradle Outdated
import org.elasticsearch.gradle.precommit.PrecommitTasks

apply plugin: 'elasticsearch.build'
apply plugin: 'nebula.optional-base'

@rjernst

rjernst Jan 31, 2018

Member

Is this used?

@jasontedor

jasontedor Jan 31, 2018

Author Member

I removed this.

@jasontedor jasontedor force-pushed the jasontedor:secure-sm branch Jan 31, 2018

@jasontedor

Member Author

commented Jan 31, 2018

Thanks @rjernst. I force pushed a commit addressing your comments. I know we do not like force pushes in reviews but I force pushed here because we want to merge all the commits in this PR into master so as to preserve the original history of securesm. Adding more commits on top of my initial commit here would have a lot of other commits coming along for the ride that we do not want; we want only the original history from securesm and exactly one commit integrating securesm into elasticsearch.

Introduce secure security manager to project
This commit migrates SecureSM, our secure security manager
implementation, from its own repository to being a sub-project of
Elasticsearch.

@jasontedor jasontedor force-pushed the jasontedor:secure-sm branch to daf2392 Jan 31, 2018

@rjernst
Member

left a comment

LGTM

@jasontedor

Member Author

commented Feb 1, 2018

Closed via 1b3d529

@jasontedor jasontedor closed this Feb 1, 2018

@jasontedor jasontedor deleted the jasontedor:secure-sm branch Feb 1, 2018

@colings86 colings86 added v7.0.0-beta1 and removed v7.0.0 labels Feb 7, 2019
