[ https://issues.apache.org/jira/browse/CASSANDRA-18508?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17881138#comment-17881138 ]

Maulin Vasavada commented on CASSANDRA-18508:
---------------------------------------------

Okay, here is the issue I am running into. I've listed 3 EndPoints creating a 
socket and the 2nd Endpoint in the below list is the one having the issue if I 
DO NOT set javax.net.ssl.truststore at the System property level. This is 
because for creating the client connection it is using serialized client socket 
factory vs what I supplied (as you see in the 1st Endpoint).

 
{noformat}
(1) EndPoint: 
[127.0.0.1:7199,org.apache.cassandra.distributed.impl.IsolatedJmxTestClientSslSocketFactory@10574b01]

Call trace:

newSocket:613, TCPEndpoint (sun.rmi.transport.tcp)
createConnection:209, TCPChannel (sun.rmi.transport.tcp)
newConnection:196, TCPChannel (sun.rmi.transport.tcp)
newCall:343, UnicastRef (sun.rmi.server)
lookup:116, RegistryImpl_Stub (sun.rmi.registry)
lookup:133, RegistryContext (com.sun.jndi.rmi.registry)
lookup:220, GenericURLContext (com.sun.jndi.toolkit.url)
lookup:409, InitialContext (javax.naming)
findRMIServerJNDI:1839, RMIConnector (javax.management.remote.rmi)
findRMIServer:1813, RMIConnector (javax.management.remote.rmi)
connect:302, RMIConnector (javax.management.remote.rmi)
connect:270, JMXConnectorFactory (javax.management.remote)
getJmxConnector:94, JMXUtil (org.apache.cassandra.distributed.shared)
waitForJmxAvailability:201, IsolatedJmx (org.apache.cassandra.distributed.impl)
startJmx:142, IsolatedJmx (org.apache.cassandra.distributed.impl)
startJmx:651, Instance (org.apache.cassandra.distributed.impl)
partialStartup:711, Instance (org.apache.cassandra.distributed.impl)
lambda$startup$7:633, Instance (org.apache.cassandra.distributed.impl)
run:-1, 838800272 (org.apache.cassandra.distributed.impl.Instance$$Lambda$266)
call:124, FutureTask$2 (org.apache.cassandra.concurrent)
call:61, FutureTask (org.apache.cassandra.concurrent)
run:71, FutureTask (org.apache.cassandra.concurrent)
runWorker:1128, ThreadPoolExecutor (java.util.concurrent)
run:628, ThreadPoolExecutor$Worker (java.util.concurrent)
run:30, FastThreadLocalRunnable (io.netty.util.concurrent)
run:829, Thread (java.lang)
-------------------------------

(2)EndPoint: 
[10.0.0.14:7199,org.apache.cassandra.distributed.impl.RMISslClientSocketFactoryImpl@7f000020]

Call trace:

newSocket:613, TCPEndpoint (sun.rmi.transport.tcp)
createConnection:209, TCPChannel (sun.rmi.transport.tcp)
newConnection:196, TCPChannel (sun.rmi.transport.tcp)
newCall:343, UnicastRef (sun.rmi.server)
dirty:104, DGCImpl_Stub (sun.rmi.transport)
makeDirtyCall:377, DGCClient$EndpointEntry (sun.rmi.transport)
registerRefs:319, DGCClient$EndpointEntry (sun.rmi.transport)
registerRefs:155, DGCClient (sun.rmi.transport)
registerRefs:102, ConnectionInputStream (sun.rmi.transport)
releaseInputStream:175, StreamRemoteCall (sun.rmi.transport)
done:340, StreamRemoteCall (sun.rmi.transport)
done:452, UnicastRef (sun.rmi.server)
lookup:132, RegistryImpl_Stub (sun.rmi.registry)
lookup:133, RegistryContext (com.sun.jndi.rmi.registry)
lookup:220, GenericURLContext (com.sun.jndi.toolkit.url)
lookup:409, InitialContext (javax.naming)
findRMIServerJNDI:1839, RMIConnector (javax.management.remote.rmi)
findRMIServer:1813, RMIConnector (javax.management.remote.rmi)
connect:302, RMIConnector (javax.management.remote.rmi)
connect:270, JMXConnectorFactory (javax.management.remote)
getJmxConnector:94, JMXUtil (org.apache.cassandra.distributed.shared)
waitForJmxAvailability:201, IsolatedJmx (org.apache.cassandra.distributed.impl)
startJmx:142, IsolatedJmx (org.apache.cassandra.distributed.impl)
startJmx:651, Instance (org.apache.cassandra.distributed.impl)
partialStartup:711, Instance (org.apache.cassandra.distributed.impl)
lambda$startup$7:633, Instance (org.apache.cassandra.distributed.impl)
run:-1, 874740624 (org.apache.cassandra.distributed.impl.Instance$$Lambda$266)
call:124, FutureTask$2 (org.apache.cassandra.concurrent)
call:61, FutureTask (org.apache.cassandra.concurrent)
run:71, FutureTask (org.apache.cassandra.concurrent)
runWorker:1128, ThreadPoolExecutor (java.util.concurrent)
run:628, ThreadPoolExecutor$Worker (java.util.concurrent)
run:30, FastThreadLocalRunnable (io.netty.util.concurrent)
run:829, Thread (java.lang)
------------------------------

(3) EndPoint: 
[127.0.0.1:7199,org.apache.cassandra.distributed.impl.IsolatedJmxTestClientSslSocketFactory@2bc12da]

Call trace: 

newSocket:613, TCPEndpoint (sun.rmi.transport.tcp)
createConnection:209, TCPChannel (sun.rmi.transport.tcp)
newConnection:196, TCPChannel (sun.rmi.transport.tcp)
newCall:343, UnicastRef (sun.rmi.server)
lookup:116, RegistryImpl_Stub (sun.rmi.registry)
lookup:133, RegistryContext (com.sun.jndi.rmi.registry)
lookup:220, GenericURLContext (com.sun.jndi.toolkit.url)
lookup:409, InitialContext (javax.naming)
findRMIServerJNDI:1839, RMIConnector (javax.management.remote.rmi)
findRMIServer:1813, RMIConnector (javax.management.remote.rmi)
connect:302, RMIConnector (javax.management.remote.rmi)
connect:270, JMXConnectorFactory (javax.management.remote)
getJmxConnector:94, JMXUtil (org.apache.cassandra.distributed.shared)
getJmxConnector:62, JMXUtil (org.apache.cassandra.distributed.shared)
testAllValidGetters:110, JMXGetterCheckTest (org.apache.cassandra.distributed.test.jmx)
testDefaultSettings:92, JMXEncryptionOptionsTest (org.apache.cassandra.distributed.test)
invoke0:-1, NativeMethodAccessorImpl (jdk.internal.reflect)
invoke:62, NativeMethodAccessorImpl (jdk.internal.reflect)
invoke:43, DelegatingMethodAccessorImpl (jdk.internal.reflect)
invoke:566, Method (java.lang.reflect)
runReflectiveCall:50, FrameworkMethod$1 (org.junit.runners.model)
run:12, ReflectiveCallable (org.junit.internal.runners.model)
invokeExplosively:47, FrameworkMethod (org.junit.runners.model)
evaluate:17, InvokeMethod (org.junit.internal.runners.statements)
evaluate:27, RunAfters (org.junit.internal.runners.statements)
runLeaf:325, ParentRunner (org.junit.runners)
runChild:78, BlockJUnit4ClassRunner (org.junit.runners)
runChild:57, BlockJUnit4ClassRunner (org.junit.runners)
run:290, ParentRunner$3 (org.junit.runners)
schedule:71, ParentRunner$1 (org.junit.runners)
runChildren:288, ParentRunner (org.junit.runners)
access$000:58, ParentRunner (org.junit.runners)
evaluate:268, ParentRunner$2 (org.junit.runners)
evaluate:26, RunBefores (org.junit.internal.runners.statements)
run:363, ParentRunner (org.junit.runners)
run:137, JUnitCore (org.junit.runner)
startRunnerWithArgs:69, JUnit4IdeaTestRunner (com.intellij.junit4)
execute:38, IdeaTestRunner$Repeater$1 (com.intellij.rt.junit)
repeat:11, TestsRepeater (com.intellij.rt.execution.junit)
startRunnerWithArgs:35, IdeaTestRunner$Repeater (com.intellij.rt.junit)
prepareStreamsAndStart:232, JUnitStarter (com.intellij.rt.junit)
main:55, JUnitStarter (com.intellij.rt.junit){noformat}

> Sensitive JMX SSL configuration options can be easily exposed
> -------------------------------------------------------------
>
>                 Key: CASSANDRA-18508
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-18508
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Feature/Encryption, Local/Config
>            Reporter: Anthony Grasso
>            Assignee: Maulin Vasavada
>            Priority: Normal
>             Fix For: 5.x
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> We need a way to specify sensitive JMX SSL configuration options to avoid 
> them being easily exposed.
> When encrypting the JMX connection the passwords for the key and trust stores 
> must be specified using the {{javax.net.ssl.keyStorePassword}} and 
> {{javax.net.ssl.trustStorePassword}} options respectively in the 
> _cassandra-env.sh_ file. After Cassandra is started it is possible to see the 
> passwords by looking at the running process ({{ps aux | grep "cassandra"}}).
> Java 8 has the ability to specify a configuration file that can contain these 
> security sensitive settings using the {{com.sun.management.config.file}} 
> argument. However, despite what the documentation 
> ([https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html#gdevf])
>  says, both the {{com.sun.management.jmxremote}} and 
> {{com.sun.management.jmxremote.port}} arguments need to be defined in the 
> _cassandra-env.sh_ for the JVM to read the contents of the file.
> The problem with defining the {{com.sun.management.jmxremote.port}} argument 
> is it conflicts with the {{cassandra.jmx.remote.port}} argument. Even if the 
> port numbers are different, attempting an encrypted JMX connection using 
> {{nodetool}} fails and we see a {{ConnectException: 'Connection refused 
> (Connection refused)'}} error.
> One possible way to fix this is to introduce a new option that would allow a 
> file to be passed containing the JMX encryption options.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
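The three call traces in the comment above show plain RMI behaviour rather than anything specific to the dtest harness: the socket factory the registry stub was built with (the test-supplied IsolatedJmxTestClientSslSocketFactory in (1) and (3)) is only used for calls made on that stub, while the remote reference returned by lookup() carries its own client socket factory, serialized by the JVM that exported the object. The DGC dirty() call in (2) goes through that deserialized copy, so it can only use what survived serialization or what the JDK's default SSLSocketFactory reads from the javax.net.ssl.trustStore* system properties (the JDK's own javax.rmi.ssl.SslRMIClientSocketFactory uses SSLSocketFactory.getDefault() for the same reason). The following is an added illustration of that mechanism, not Cassandra code and not a copy of RMISslClientSocketFactoryImpl: the class name DemoSslClientSocketFactory, its fields and the transient SSLContext are assumptions chosen to model what the traces show.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.net.Socket;
import java.rmi.server.RMIClientSocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;

/**
 * Illustrative client socket factory (assumption: not Cassandra's RMISslClientSocketFactoryImpl).
 * The SSLContext holds the trust material the caller supplied in memory; SSLContext is not
 * Serializable, so the field is transient and is dropped when RMI ships the factory inside a
 * remote reference.
 */
public final class DemoSslClientSocketFactory implements RMIClientSocketFactory, Serializable
{
    private static final long serialVersionUID = 1L;

    private final transient SSLContext context; // in-memory trust config, lost on the wire
    private final String label;                 // plain serializable state, survives the trip

    public DemoSslClientSocketFactory(String label, SSLContext context)
    {
        this.label = label;
        this.context = context;
    }

    public boolean hasInMemoryContext()
    {
        return context != null;
    }

    public String label()
    {
        return label;
    }

    @Override
    public Socket createSocket(String host, int port) throws IOException
    {
        // A deserialized copy has context == null and silently falls back to the JDK default
        // factory, which is configured from the javax.net.ssl.trustStore* system properties.
        // That fallback is the path endpoint (2) takes, and why it only works with the property set.
        SSLSocketFactory factory = context != null
                                   ? context.getSocketFactory()
                                   : (SSLSocketFactory) SSLSocketFactory.getDefault();
        return factory.createSocket(host, port);
    }

    /** Serialize and deserialize the factory, as RMI does when it marshals a remote reference. */
    public static DemoSslClientSocketFactory roundTrip(DemoSslClientSocketFactory original)
        throws IOException, ClassNotFoundException
    {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes))
        {
            out.writeObject(original);
        }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes.toByteArray())))
        {
            return (DemoSslClientSocketFactory) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception
    {
        // Constructed context standing in for the one the test supplies (JDK default trust material).
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);

        DemoSslClientSocketFactory supplied = new DemoSslClientSocketFactory("test-supplied", ctx);
        DemoSslClientSocketFactory received = roundTrip(supplied);

        System.out.println("supplied factory has in-memory context: " + supplied.hasInMemoryContext()); // true
        System.out.println("received factory has in-memory context: " + received.hasInMemoryContext()); // false
        System.out.println("received factory label: " + received.label());                               // test-supplied
    }
}
```

Run it with `java DemoSslClientSocketFactory.java`; no network is touched because createSocket() is never called. The point for the ticket is that whatever the client side of DGC and of the RMIServer stub needs has to be reachable either from serializable fields of the exported factory or from system properties; a factory configured only through in-memory state on the caller's side never reaches those calls.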

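The issue description quoted above reports two things: the key and trust store passwords end up on the JVM command line where `ps aux` exposes them to every local user, and the com.sun.management.config.file route to avoid that conflicts with cassandra.jmx.remote.port. The example below is added here to show a startup check for the leaky form next to a file-based alternative of the kind the description asks for. It is not Cassandra code and not the option the ticket proposes; the class name JmxSslSecrets, the properties-file layout, the hunter2 values and the owner-only permission rule are assumptions made for the illustration, and the permission check assumes a POSIX filesystem.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.List;
import java.util.Properties;
import java.util.Set;

/**
 * Illustrative helper (assumption: not Cassandra's configuration code). Keeps JMX SSL
 * passwords off the JVM command line: they are read from an owner-only properties file and
 * copied into the javax.net.ssl.* system properties that the JDK's SSL socket factories
 * consult, and the live command line is audited for the leaky -D form.
 */
public final class JmxSslSecrets
{
    static final String KEY_PW = "javax.net.ssl.keyStorePassword";
    static final String TRUST_PW = "javax.net.ssl.trustStorePassword";

    /** Returns the password-bearing JVM arguments with their values redacted. */
    public static List<String> findExposedPasswordArgs(List<String> jvmArgs)
    {
        List<String> exposed = new ArrayList<>();
        for (String arg : jvmArgs)
        {
            for (String key : new String[]{ KEY_PW, TRUST_PW })
            {
                if (arg.startsWith("-D" + key + "="))
                    exposed.add("-D" + key + "=<redacted>");
            }
        }
        return exposed;
    }

    /** Loads both passwords from a file that must not be readable or writable by group/other. */
    public static Properties loadPasswordFile(Path file) throws IOException
    {
        Set<PosixFilePermission> tooOpen = EnumSet.of(PosixFilePermission.GROUP_READ,
                                                      PosixFilePermission.GROUP_WRITE,
                                                      PosixFilePermission.OTHERS_READ,
                                                      PosixFilePermission.OTHERS_WRITE);
        tooOpen.retainAll(Files.getPosixFilePermissions(file));
        if (!tooOpen.isEmpty())
            throw new IOException(file + " must be owner-only, found " + tooOpen);

        Properties props = new Properties();
        try (var reader = Files.newBufferedReader(file, StandardCharsets.UTF_8))
        {
            props.load(reader);
        }
        for (String key : new String[]{ KEY_PW, TRUST_PW })
        {
            if (props.getProperty(key) == null)
                throw new IOException(file + " is missing " + key);
        }
        return props;
    }

    /** Applies the loaded passwords so SslRMI*SocketFactory and the default SSLContext see them. */
    public static void applyToSystemProperties(Properties props)
    {
        System.setProperty(KEY_PW, props.getProperty(KEY_PW));
        System.setProperty(TRUST_PW, props.getProperty(TRUST_PW));
    }

    public static void main(String[] args) throws Exception
    {
        // Weak form (constructed): the -D flags cassandra-env.sh puts on the command line,
        // visible to every local user through `ps aux` or /proc/<pid>/cmdline.
        List<String> leaky = List.of("-Dcassandra.jmx.remote.port=7199",
                                     "-D" + KEY_PW + "=hunter2",
                                     "-D" + TRUST_PW + "=hunter2");
        System.out.println("exposed on constructed command line: " + findExposedPasswordArgs(leaky));

        // The same audit against this JVM's own arguments (read from /proc on Linux).
        String[] live = ProcessHandle.current().info().arguments().orElse(new String[0]);
        System.out.println("exposed in this JVM: " + findExposedPasswordArgs(Arrays.asList(live)));

        // Corrected form: an owner-only file, never an argument.
        Path secrets = Files.createTempFile("jmx-ssl", ".properties");
        Files.writeString(secrets, KEY_PW + "=hunter2\n" + TRUST_PW + "=hunter2\n");
        Files.setPosixFilePermissions(secrets, EnumSet.of(PosixFilePermission.OWNER_READ,
                                                          PosixFilePermission.OWNER_WRITE));
        applyToSystemProperties(loadPasswordFile(secrets));
        System.out.println("passwords loaded from " + secrets + "; command line stays clean");
        Files.delete(secrets);
    }
}
```

Run it with `java JmxSslSecrets.java`, then again with `java -Djavax.net.ssl.keyStorePassword=x JmxSslSecrets.java` to see the live audit flag the argument. The permission check is the part worth keeping whatever the final option looks like: a password file that is group or world readable moves the exposure from `ps` to `cat` without removing it.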