@rjernst
Member

@rjernst rjernst commented Nov 6, 2020

Netty requires the `setContextClassLoader` permission. However, many of
our policy files incorrectly use `*` as the name, thinking
`setContextClassLoader` is the actions element of the permission (it
looks like a copy paste error that was then itself copy pasted through
several policy files). This commit corrects these permissions, which had
actually granted all RuntimePermissions.
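
One way to audit policy files for the mistake described in this pull request, as an added example that is not part of the pull request or the Elasticsearch code base: `java.lang.RuntimePermission` takes only a target name and ignores an actions string, so a `"*"` name with the intended permission in the actions position grants every RuntimePermission. The sample policy, its codeBase path, and the names `audit_policy`, `NAME_ONLY`, `ENTRY` and `SAMPLE_POLICY` are constructed for illustration.

```python
import re

# Permission classes whose policy entries take a target name only; the JDK
# ignores an actions string on them. Illustrative subset, not exhaustive.
NAME_ONLY = {
    "java.lang.RuntimePermission",
    "java.lang.reflect.ReflectPermission",
    "java.net.NetPermission",
    "java.security.SecurityPermission",
}

ENTRY = re.compile(
    r'permission\s+([\w.$]+)\s+"([^"]*)"(?:\s*,\s*"([^"]*)")?\s*;')

# Constructed sample policy (hypothetical codeBase path).
SAMPLE_POLICY = """\
grant codeBase "file:/opt/example/lib/netty-common.jar" {
  // Netty needs to set the context class loader
  permission java.lang.RuntimePermission "*", "setContextClassLoader";
  permission java.util.PropertyPermission "*", "read,write";
};
grant {
  permission java.lang.RuntimePermission "setContextClassLoader";
  permission java.net.SocketPermission "*", "connect";
};
"""


def audit_policy(text):
    """Flag name-only permissions that are wildcarded or carry an actions field."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("//"):
            continue  # skip commented-out lines
        for cls, name, actions in ENTRY.findall(line):
            if cls not in NAME_ONLY or not (actions or name == "*"):
                continue
            findings.append({
                "line": lineno,
                "class": cls,
                "grants_all": name == "*",  # "*" matches every target name
                "ignored_actions": actions,
                # Likely intent: the actions text was meant to be the name.
                "suggested": f'permission {cls} "{actions}";' if actions else None,
            })
    return findings


if __name__ == "__main__":
    for f in audit_policy(SAMPLE_POLICY):
        print(f)
```

The `PropertyPermission` and `SocketPermission` entries are not flagged because those classes do use an actions field.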

@rjernst rjernst added >non-issue :Security/Security Security issues without another label v8.0.0 v7.11.0 labels Nov 6, 2020
@rjernst rjernst requested a review from jaymode November 6, 2020 21:47
@elasticmachine
Collaborator

Pinging @elastic/es-security (:Security/Security)

@elasticmachine elasticmachine added the Team:Security Meta label for security team label Nov 6, 2020
Member

@jaymode jaymode left a comment

LGTM

@rjernst
Member Author

rjernst commented Nov 6, 2020

@elasticmachine run elasticsearch-ci/1

@rjernst rjernst merged commit 9b07042 into elastic:master Nov 7, 2020
@rjernst rjernst deleted the plugin_permission_list4 branch November 7, 2020 19:43
rjernst added a commit that referenced this pull request Nov 7, 2020