karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sebastien Petrucci (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KARAF-3147) Local JMX connect is not possible
Date Mon, 24 Oct 2016 14:08:58 GMT

    [ https://issues.apache.org/jira/browse/KARAF-3147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15602088#comment-15602088
] 

Sebastien Petrucci commented on KARAF-3147:
-------------------------------------------

Hello,

We are currently hardening the security on our set of products embedding JBoss Fuse (6.3)
and we also have an issue with the security bypass that was introduced.

We are putting in place a set of controls to make sure that the operator owning the JBoss
Fuse installation (read, the OS account running JBoss Fuse) can start/stop JBoss Fuse, but
*cannot* install new/updated bundles without providing additionnal credentials (not related
to the OS account). Outside of the JVM, we also have a native process that regularly ensures
that the JBoss Fuse installation does not get tampered with manually (system bundles not modified,
config not changed, no change in the JVM binaries, ...).

Because of the security bypass, the operator owning the OS account can simply fire JConsole
and do whatever he wants to. Our other security controls should come into play and prevent
harmful operations but this is not a risk that we are willing to take, especially that it
would be very costly to test each and every possibility :-)
Unfortunately, we cannot simply turn off JMX altogether because we have other processes (authenticated
;-) connecting through a remote JMX connection to perform some critical operations. We would
rather completely get rid of the local JMX access but it seems like it is not possible to
activate the JMX remote access while deactivating local access (understand, connect via PID).
Note that we opened a case with Oracle about this but I don't have much hope there.
The last remaining option for us is to have the security bypass removed so that any attempt
to access JMX beans from a JConsole connected via PID get denied.

We understand that other users may not require such level of security but our products are
used in the financial sector, where cybercrime has become the #1 concern.
I however believe that having a system property controlling that bypass would please everybody.
Can we help in any way ?

Best Regards,

> Local JMX connect is not possible
> ---------------------------------
>
>                 Key: KARAF-3147
>                 URL: https://issues.apache.org/jira/browse/KARAF-3147
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf-core
>    Affects Versions: 3.0.1
>         Environment: OS X, JDK 7
>            Reporter: Achim Nierbeck
>            Assignee: Guillaume Nodet
>            Priority: Critical
>
> With neither local process nor with remote jmx connection 
> {code}
> service:jmx:rmi://0.0.0.0:44444/jndi/rmi://0.0.0.0:1099/karaf-root
> {code}
> it's possible to connect to Karaf via JMX. 
> Neither JConsole nor VisualVM is usable. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message