Subject: Re: Custom Java SecurityManager permissions
From: Mike Drob
To: dev@accumulo.apache.org
Date: Mon, 15 Aug 2016 21:42:25 -0500

Oops, hit send too soon. I thought you were asking about the security policy that we used to ship with. All things considered, I'd probably axe these too, though.

On Mon, Aug 15, 2016 at 9:41 PM, Mike Drob wrote:

> +1
>
> I do not believe the initial implementation was very well tested in terms of security. IIRC we kept adding permissions until CI ran without errors on a very old version, so it is not guaranteed to run with modern versions of Accumulo, given that we evolve our usage regularly.
>
> On Mon, Aug 15, 2016 at 8:13 PM, Dylan Hutchison <dhutchis@cs.washington.edu> wrote:
>
>> Maybe related to ACCUMULO-1188?
>>
>> On Mon, Aug 15, 2016 at 10:09 AM, Josh Elser wrote:
>>
>>> +1 from me.
>>>
>>> IIRC, they used to be something to try to guard against user JARs (containing iterators) doing something malicious, but obviously they haven't been kept up given the lack of documentation. I am not sure what all is possible to say whether or not it's a complete security solution too.
>>>
>>> I think without context on what they do, how they work, etc., they can be removed.
>>>
>>> Christopher wrote:
>>>
>>>> Bump. Anybody have any thoughts on these? I'm inclined to rip out the custom permissions here. I don't think they're actually adding any security, and we're not documenting them in any overall security model. As is, they look like remnants of an early, incomplete attempt to apply the Java security system to our code, but they don't look like they are offering anything in the current implementation to actually improve the security.
>>>>
>>>> On Thu, Aug 11, 2016 at 9:46 PM Christopher wrote:
>>>>
>>>>> I found 7 references in our code (master branch, probably same in others) to the java SecurityManager.checkPermissions, each with custom permissions we've created (3 in core, 1 in fate, 3 in server-base).
>>>>>
>>>>> There is no documentation for these, and I don't really know what these are actually trying to protect against.
>>>>>
>>>>> Do these custom permissions have any actual purpose? What value are these adding?
>>>>>
>>>>> Do we have an overall security model which we can check these implementations against? Or to identify where we are missing checks which should be there? Do we really need to create custom permissions, vs. some standardized ones?
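The thread's central question is what a custom permission handed to SecurityManager.checkPermission actually buys. The following is an added, self-contained illustration of the mechanism; it is not Accumulo's code and not code posted by anyone in the thread. The permission name "iterator.load", the class IteratorPermission, the method loadUserIterator and the DenyIteratorLoads manager are all hypothetical. It shows the two halves of the answer: with no SecurityManager installed the check is never reached and is a no-op, and it only blocks anything once a manager is installed whose policy knows about that specific custom permission.

```java
import java.security.AccessControlException;
import java.security.BasicPermission;
import java.security.Permission;

// Illustrative example only; not Accumulo's code. All names here are hypothetical.
public class CustomPermissionDemo {

    /** A custom permission with a dotted target name, built on BasicPermission. */
    public static final class IteratorPermission extends BasicPermission {
        public IteratorPermission(String name) {
            super(name);
        }
    }

    /**
     * The pattern under discussion: a guarded call site that a SecurityManager may veto.
     * If no SecurityManager is installed, the custom permission is never consulted.
     */
    public static void loadUserIterator(String iteratorClass) {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(new IteratorPermission("iterator.load"));
        }
        System.out.println("loaded " + iteratorClass);
    }

    /**
     * A SecurityManager whose policy explicitly knows about the custom permission
     * and denies it. Everything else is allowed so the demo stays self-contained;
     * a real deployment would express this in a java.policy file instead.
     */
    static final class DenyIteratorLoads extends SecurityManager {
        @Override
        public void checkPermission(Permission perm) {
            if (perm instanceof IteratorPermission) {
                throw new AccessControlException("denied: " + perm);
            }
        }

        @Override
        public void checkPermission(Permission perm, Object context) {
            checkPermission(perm);
        }
    }

    public static void main(String[] args) {
        // 1. No SecurityManager installed: the custom check is dead code.
        loadUserIterator("com.example.MyIterator");

        // 2. A manager whose policy vetoes the custom permission is installed:
        //    now, and only now, the same call site is blocked.
        System.setSecurityManager(new DenyIteratorLoads());
        try {
            loadUserIterator("com.example.MyIterator");
        } catch (AccessControlException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

Run it with `java CustomPermissionDemo` on Java 8 through 17; on Java 18 and later the JVM must be started with `-Djava.security.manager=allow` for System.setSecurityManager to succeed, and the SecurityManager is deprecated for removal since Java 17 and permanently disabled from JDK 24 onwards. The practical check for a code base in the state described in the thread is therefore whether any supported configuration installs a SecurityManager and ships a policy that names these custom permissions at all; if neither exists, the call sites never execute a check.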