From 83125377bd8ee1ac96aed1c1c43c74d5b13e6cde Mon Sep 17 00:00:00 2001 From: Tim Vernum Date: Wed, 22 Sep 2021 23:05:33 +1000 Subject: [PATCH] Revert unintended changes from #77012 (#78182) This reverts some changes from e73d16dc20cf50a5215ee8ff8cccfcbd2f0c1a7es that were incorrectly included within #77012. --- .../src/main/java/org/elasticsearch/bootstrap/PolicyUtil.java | 3 +-- .../src/main/plugin-metadata/plugin-security.policy | 3 --- .../security/src/main/plugin-metadata/plugin-security.policy | 3 --- 3 files changed, 1 insertion(+), 8 deletions(-) diff --git a/server/src/main/java/org/elasticsearch/bootstrap/PolicyUtil.java b/server/src/main/java/org/elasticsearch/bootstrap/PolicyUtil.java index 0b7ff7c068fb3..ec05c4d1a62e1 100644 --- a/server/src/main/java/org/elasticsearch/bootstrap/PolicyUtil.java +++ b/server/src/main/java/org/elasticsearch/bootstrap/PolicyUtil.java @@ -104,7 +104,6 @@ public boolean test(Permission permission) { new RuntimePermission("loadLibrary.*"), new RuntimePermission("accessClassInPackage.*"), new RuntimePermission("accessDeclaredMembers"), - new RuntimePermission("org.elasticsearch.modifyInnocuousThread"), new NetPermission("requestPasswordAuthentication"), new NetPermission("getProxySelector"), new NetPermission("getCookieHandler"), @@ -113,7 +112,7 @@ public boolean test(Permission permission) { new SecurityPermission("createAccessControlContext"), new SecurityPermission("insertProvider"), new SecurityPermission("putProviderProperty.*"), - // apache abuses the SecurityPermission class for its own purposes + // apache abuses the SecurityPermission class for it's own purposes new SecurityPermission("org.apache.*"), // write is needed because of HdfsPlugin new PropertyPermission("*", "read,write"), diff --git a/x-pack/plugin/identity-provider/src/main/plugin-metadata/plugin-security.policy b/x-pack/plugin/identity-provider/src/main/plugin-metadata/plugin-security.policy index 00e6df8ec775d..0310ce4542dbb 100644 --- a/x-pack/plugin/identity-provider/src/main/plugin-metadata/plugin-security.policy +++ b/x-pack/plugin/identity-provider/src/main/plugin-metadata/plugin-security.policy @@ -13,7 +13,4 @@ grant { // needed for multiple server implementations used in tests permission java.net.SocketPermission "*", "accept,connect"; - - // Needed for OpenSAML to start a java.lang.ref.Cleaner - permission java.lang.RuntimePermission "org.elasticsearch.modifyInnocuousThread"; }; diff --git a/x-pack/plugin/security/src/main/plugin-metadata/plugin-security.policy b/x-pack/plugin/security/src/main/plugin-metadata/plugin-security.policy index 2844b87e4bd20..97b0f480043e5 100644 --- a/x-pack/plugin/security/src/main/plugin-metadata/plugin-security.policy +++ b/x-pack/plugin/security/src/main/plugin-metadata/plugin-security.policy @@ -4,9 +4,6 @@ grant { // needed for SAML permission java.util.PropertyPermission "org.apache.xml.security.ignoreLineBreaks", "read,write"; - // Needed for OpenSAML to start a java.lang.ref.Cleaner - permission java.lang.RuntimePermission "org.elasticsearch.modifyInnocuousThread"; - // needed during initialization of OpenSAML library where xml security algorithms are registered // see https://github.com/apache/santuario-java/blob/e79f1fe4192de73a975bc7246aee58ed0703343d/src/main/java/org/apache/xml/security/utils/JavaUtils.java#L205-L220 // and https://git.shibboleth.net/view/?p=java-opensaml.git;a=blob;f=opensaml-xmlsec-impl/src/main/java/org/opensaml/xmlsec/signature/impl/SignatureMarshaller.java;hb=db0eaa64210f0e32d359cd6c57bedd57902bf811#l52