accumulo-dev mailing list archives

From Mike Drob <md...@mdrob.com>
Subject Re: Custom Java SecurityManager permissions
Date Tue, 16 Aug 2016 02:42:25 GMT
Oops, hit send too soon. I thought you were asking about the security
policy that we used to ship with.

All things considered, I'd probably axe these too, though.

On Mon, Aug 15, 2016 at 9:41 PM, Mike Drob <mdrob@mdrob.com> wrote:

> +1
>
> I do not believe the initial implementation was very well tested in terms
> of security. IIRC we kept adding permissions until CI ran without errors on
> a very old version, so it is not guaranteed to run with modern versions of
> Accumulo, given that we evolve our usage regularly.
>
> On Mon, Aug 15, 2016 at 8:13 PM, Dylan Hutchison <
> dhutchis@cs.washington.edu> wrote:
>
>> Maybe related to ACCUMULO-1188
>> <https://issues.apache.org/jira/browse/ACCUMULO-1188>?
>>
>> On Mon, Aug 15, 2016 at 10:09 AM, Josh Elser <josh.elser@gmail.com>
>> wrote:
>>
>> > +1 from me.
>> >
>> > IIRC, they used to be something to try to guard against user JARs
>> > (containing iterators) doing something malicious, but obviously they
>> > haven't been kept up given the lack of documentation. I am not sure what
>> > all is possible to say whether or not it's a complete security solution
>> > too.
>> >
>> > I think without context on what they do, how they work, etc, they can be
>> > removed.
>> >
>> >
>> > Christopher wrote:
>> >
>> >> Bump. Anybody have any thoughts on these? I'm inclined to rip out the
>> >> custom permissions here. I don't think they're actually adding any
>> >> security, and we're not documenting them in any overall security model. As
>> >> is, they look like remnants of an early, incomplete attempt to apply the
>> >> Java security system to our code, but they don't look like they are
>> >> offering anything in the current implementation to actually improve the
>> >> security.
>> >>
>> >> On Thu, Aug 11, 2016 at 9:46 PM Christopher <ctubbsii@apache.org> wrote:
>> >>
>> >>> I found 7 references in our code (master branch, probably same in others)
>> >>> to the java SecurityManager.checkPermissions, each with custom permissions
>> >>> we've created (3 in core, 1 in fate, 3 in server-base).
>> >>>
>> >>> There is no documentation for these, and I don't really know what these
>> >>> are actually trying to protect against.
>> >>>
>> >>> Do these custom permissions have any actual purpose? What value are these
>> >>> adding?
>> >>>
>> >>> Do we have an overall security model which we can check these
>> >>> implementations against? Or to identify where we are missing checks which
>> >>> should be there? Do we really need to create custom permissions, vs. some
>> >>> standardized ones?
>> >>>
>> >>>
>> >>>
>> >>
>>
>
>
