From dev-return-11514-apmail-karaf-dev-archive=karaf.apache.org@karaf.apache.org  Thu Jan  5 13:12:42 2017
Return-Path: <dev-return-11514-apmail-karaf-dev-archive=karaf.apache.org@karaf.apache.org>
X-Original-To: apmail-karaf-dev-archive@minotaur.apache.org
Delivered-To: apmail-karaf-dev-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 99A69193DD
	for <apmail-karaf-dev-archive@minotaur.apache.org>; Thu,  5 Jan 2017 13:12:41 +0000 (UTC)
Received: (qmail 78013 invoked by uid 500); 5 Jan 2017 13:12:41 -0000
Delivered-To: apmail-karaf-dev-archive@karaf.apache.org
Received: (qmail 77977 invoked by uid 500); 5 Jan 2017 13:12:41 -0000
Mailing-List: contact dev-help@karaf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@karaf.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@karaf.apache.org>
List-Post: <mailto:dev@karaf.apache.org>
List-Id: <dev.karaf.apache.org>
Reply-To: dev@karaf.apache.org
Delivered-To: mailing list dev@karaf.apache.org
Received: (qmail 77961 invoked by uid 99); 5 Jan 2017 13:12:40 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 05 Jan 2017 13:12:40 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 5A14BC020F
	for <dev@karaf.apache.org>; Thu,  5 Jan 2017 13:12:40 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 0.381
X-Spam-Level:
X-Spam-Status: No, score=0.381 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01,
	RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, URIBL_BLOCKED=0.001]
	autolearn=disabled
Authentication-Results: spamd1-us-west.apache.org (amavisd-new);
	dkim=pass (1024-bit key) header.d=regvart.com
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024)
	with ESMTP id gYg0_KGAjOnv for <dev@karaf.apache.org>;
	Thu,  5 Jan 2017 13:12:38 +0000 (UTC)
Received: from mail-wm0-f50.google.com (mail-wm0-f50.google.com [74.125.82.50])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 903C55F252
	for <dev@karaf.apache.org>; Thu,  5 Jan 2017 13:12:37 +0000 (UTC)
Received: by mail-wm0-f50.google.com with SMTP id c85so246569808wmi.1
        for <dev@karaf.apache.org>; Thu, 05 Jan 2017 05:12:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=regvart.com; s=google;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :content-transfer-encoding;
        bh=QSlLU8KPmDUvXLj6QoJPoyEw+jOiXUQQz2IMO8h6eEc=;
        b=fCMqZ+6uRRB981PxvBYdxHLF4NXpEcGogBpsYZrsCthiDCHMcX30KjlpXIAXhOEZkV
         vuOfWNFtYhh2sXbpaTyvE6dk33hPsm/+8cDiY6kuaLWHsMvXTmTgrDfMf7lWOhqWhkvt
         mLoSXzRtqMgaQ2+SsQZxj2gsexzYtcJVN+WuA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:content-transfer-encoding;
        bh=QSlLU8KPmDUvXLj6QoJPoyEw+jOiXUQQz2IMO8h6eEc=;
        b=cYguRrL1jYU2t6cQ/jDaEGcMG3gQXS/TCqKnoY+wqSODPRPR/aGc2cQZkP66ifSQnY
         gzTgvLxBUkr3IumtOz8JuCt4XytLCHSF8RPW0b6MsO2s1lsb+XPHFDr1KyGuBbqQzeO3
         85t5/n5DTQxzPtZLDiJKkImw/r91/1qnc+jfv1NS8MHyuJlEGyiT7X94h3xZAq0Xjv5F
         rL+KXshnwcvhp047SXANZeSsj91VxyHk3HxJH8vW0oOSheHgY6nw0ec7sewptvhTZbRo
         3ZW8w0p7aM921CNBIra5lcuRXex0/LUr80UI0G1CfYx7WxXRrpob85ufMs3xL6a6b+6S
         9/uA==
X-Gm-Message-State: AIkVDXKhORm5ZVLLpfGSQSQDQko6zLli+CNfg47uStCjWdUbsQ2ISVKvhrhriwgLuju6dJe0pO+Z8G+vLKq5AA==
X-Received: by 10.28.129.81 with SMTP id c78mr63844516wmd.94.1483621951445;
 Thu, 05 Jan 2017 05:12:31 -0800 (PST)
MIME-Version: 1.0
Received: by 10.80.167.164 with HTTP; Thu, 5 Jan 2017 05:12:11 -0800 (PST)
In-Reply-To: <adcae242-d16e-738e-1194-8988731ef9e9@nanthrax.net>
References: <CABD_Zr9zZP+VscgOMFwYvkYWxiGN4zV5hEOp_GCdTojmeG1j4Q@mail.gmail.com>
 <adcae242-d16e-738e-1194-8988731ef9e9@nanthrax.net>
From: Zoran Regvart <zoran@regvart.com>
Date: Thu, 5 Jan 2017 14:12:11 +0100
Message-ID: <CABD_Zr8vfrPM8UmYSV8Tpv-+AOHDbaRFgdgu1gG60yJ8N+7kWg@mail.gmail.com>
Subject: Re: Limit access to (certain) system properties through JMX
To: dev@karaf.apache.org
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hi Jean-Baptiste,

On Thu, Jan 5, 2017 at 12:39 PM, Jean-Baptiste Onofr=C3=A9 <jb@nanthrax.net=
> wrote:
> As a workaround, you can create your own MBean filtering the properties a=
nd
> then security as you want using the RBAC.

Yes! this has helped me, I unregistered the Runtime bean and
registered my proxy that filters clear text properties.

Now if only I could find out find out what is invoking this with this
very shallow stack trace (I guess from native):

    at java.lang.System.getProperties(System.java:628)
    at sun.misc.VMSupport.serializePropertiesToByteArray(VMSupport.java:75)

but that's for another mailing list, here presented only as a
curiosity (the first page of VisualVM is using this instead of Runtime
JMX bean to access system properties)

thank you :)

zoran
--=20
Zoran Regvart