Thanks you Alan and Roger.

I filed the following issue to track this:
  https://bugs.openjdk.org/browse/JDK-8297451

There are likely many more usages of innocuous thread that could be improved by ensuring setDaemon is invoked while asserting privileges, but I'd like to leave those to a later issue, since the usage in process is causing us issues right now, and it would be great to get this fixed (and eventually backported to 19.0.2).

-Chris.

On 22/11/2022 17:01, Roger Riggs wrote:
Hi Chris,

Yes, adding a doPriv for setDaemon and setName in a couple of places makes sense.

Thanks, Roger


On 11/22/22 11:12 AM, Chris Hegarty wrote:
Hi Alan,

On 22/11/2022 16:08, Alan Bateman wrote:
On 22/11/2022 15:21, Chris Hegarty wrote:
..

Just to double check, does the ES security manager override checkAccess(Thread)?

Yes. :-(

That is usually a no-op but if overridden then it will expose an issue with the thread factory for the "process reaper" where it attempts changes the daemon status outside of a doPriv block.

Right. That's exactly what we're running into.

If there are no objections, then I'm happy to file an issue
and PR to add narrow doPriv blocks around these calls.

-Chris

[1] https://github.com/elastic/elasticsearch/blob/main/libs/secure-sm/src/main/java/org/elasticsearch/secure_sm/SecureSM.java#L118

Reply via email to