Skip to content

Introduce secure security manager to project #28453

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 5 commits into from
Closed

Introduce secure security manager to project #28453

wants to merge 5 commits into from

Conversation

jasontedor
Copy link
Member

This commit migrates SecureSM, our secure security manager implementation, from its own repository to being a sub-project of Elasticsearch.

rmuir and others added 4 commits October 29, 2015 06:59
@rmuir
initial commit
80042ae
@jasontedor
Add sanity interruption assertion
06817ea 
This commit adds an assertion to the TestSecureSM#testNoModifySibling
test that sanity checks that the second child was actually interrupted
and therefore actually attempted to interrupt the first child.
@jasontedor
Allow whitelist of packages that can exit
5924bb9 
Today, SecureSM has a mechanism that enables a hardcoded list of test
packages to exit if the SecureSM instance is constructed with a boolean
flag indicating that these packages will be permitted to exit. This
commit replaces this mechanism by allowing the SecureSM instance to be
constructed with a whitelist of packages that can exit.

Relates elastic#4
@jasontedor
Tighten which classes can exit
3b46e17 
Today a SecureSM security manager allows defining a list of packages
that can exit the VM. However, today there are no restrictions on
defining a package inside another JAR. This commit strengthens the
ability to prevent exit by allowing construction of SecureSM to be done
with a list of regular expressions (instead of a list of prefix names)
that classes will be tested against. With this, a security manager can
be installed that permits only exiting from an exact list of classes.

Relates elastic#5
@jasontedor jasontedor added review :Core/Infra/Core Core issues without another label v7.0.0 v6.3.0 labels Jan 31, 2018
@jasontedor jasontedor requested a review from rjernst January 31, 2018 04:04
@jasontedor jasontedor force-pushed the secure-sm branch 8 times, most recently from 4d65b39 to 9f55409 Compare January 31, 2018 05:20
rjernst
rjernst reviewed Jan 31, 2018
View reviewed changes
Copy link
Member

@rjernst rjernst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good, but I think there are 2 other changes necessary:

  1. Modify the security policy to use the new jar name (I think that is why CI failed)
  2. Modify BootstrapForTesting to make it work in intellij (see the line for plugin-classloader there)

libs/secure-sm/build.gradle Outdated
import org.elasticsearch.gradle.precommit.PrecommitTasks

apply plugin: 'elasticsearch.build'
apply plugin: 'nebula.optional-base'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this used?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I removed this.

@jasontedor
Copy link
Member Author

Thanks @rjernst. I force pushed a commit addressing your comments. I know we do not like force pushes in reviews but I force pushed here because we want to merge all the commits in this PR into master so as to preserve the original history of securesm. Adding more commits on top of my initial commit here would have a lot of other commits coming along for the ride that we do not want, we want only the original history from securesm and exactly one commit integrating securesm into elasticsearch.

@jasontedor
Introduce secure security manager to project
daf2392 
This commit migrates SecureSM, our secure security manager
implementation, from its own repository to being a sub-project of
Elasticsearch.
rjernst
rjernst approved these changes Jan 31, 2018
View reviewed changes
Copy link
Member

@rjernst rjernst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jasontedor
Copy link
Member Author

Closed via 1b3d529

@jasontedor jasontedor closed this Feb 1, 2018
@jasontedor jasontedor deleted the secure-sm branch February 1, 2018 00:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rjernst rjernst rjernst approved these changes

Assignees
No one assigned
Labels
:Core/Infra/Core Core issues without another label >enhancement v6.3.0 v7.0.0-beta1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jasontedor @rjernst @colings86 @jpountz @rmuir