From 75827c2340f50b8d8cfb801fb3b68bfaaaae53d6 Mon Sep 17 00:00:00 2001
From: Ryan Ernst <ryan@iernst.net>
Date: Wed, 14 Dec 2022 11:38:16 -0800
Subject: [PATCH 1/2] Force init of Unbox in log4j

Some libaries have static initializers that require security manager
permissions. When this initialization occurs during normal operation, it
can cause security manager exceptions depending on where a logging call
is made.

This commit adds a place for static initialization of log4j utility
classes to be run, and specifically adds the Unbox class which wants to
read env vars.

closes #91964
---
 .../common/logging/LogConfigurator.java            | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/server/src/main/java/org/elasticsearch/common/logging/LogConfigurator.java b/server/src/main/java/org/elasticsearch/common/logging/LogConfigurator.java
index 2147b7a5531b0..149877524b77e 100644
--- a/server/src/main/java/org/elasticsearch/common/logging/LogConfigurator.java
+++ b/server/src/main/java/org/elasticsearch/common/logging/LogConfigurator.java
@@ -30,6 +30,7 @@
 import org.apache.logging.log4j.status.StatusData;
 import org.apache.logging.log4j.status.StatusListener;
 import org.apache.logging.log4j.status.StatusLogger;
+import org.apache.logging.log4j.util.Unbox;
 import org.elasticsearch.cluster.ClusterName;
 import org.elasticsearch.common.logging.internal.LoggerFactoryImpl;
 import org.elasticsearch.common.settings.Settings;
@@ -41,6 +42,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.PrintStream;
+import java.lang.invoke.MethodHandles;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.FileVisitOption;
 import java.nio.file.FileVisitResult;
@@ -122,6 +124,7 @@ public static void configure(final Environment environment, boolean useConsole)
         }
         configureESLogging();
         configure(environment.settings(), environment.configFile(), environment.logsFile(), useConsole);
+        initializeStatics();
     }
 
     public static void configureESLogging() {
@@ -144,6 +147,17 @@ public static void setNodeName(String nodeName) {
         NodeNamePatternConverter.setNodeName(nodeName);
     }
 
+    // Some classes within log4j have static initializers that require security manager permissions.
+    // Here we aggressively initialize those classes during logging configuration so that
+    // actual logging calls at runtime do not trigger that initialization.
+    private static void initializeStatics() {
+        try {
+            MethodHandles.publicLookup().ensureInitialized(Unbox.class);
+        } catch (IllegalAccessException impossible) {
+            throw new AssertionError(impossible);
+        }
+    }
+
     private static void checkErrorListener() {
         assert errorListenerIsRegistered() : "expected error listener to be registered";
         if (error.get()) {

From 5247bf52491e75da23995bcf8d7c49c6ac6adc80 Mon Sep 17 00:00:00 2001
From: Ryan Ernst <ryan@iernst.net>
Date: Wed, 14 Dec 2022 11:51:38 -0800
Subject: [PATCH 2/2] Update docs/changelog/92377.yaml

---
 docs/changelog/92377.yaml | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 docs/changelog/92377.yaml

diff --git a/docs/changelog/92377.yaml b/docs/changelog/92377.yaml
new file mode 100644
index 0000000000000..0eb622f71714d
--- /dev/null
+++ b/docs/changelog/92377.yaml
@@ -0,0 +1,6 @@
+pr: 92377
+summary: Force init of Unbox in log4j
+area: Infra/Core
+type: bug
+issues:
+ - 91964