Thanks you Alan and Roger.
I filed the following issue to track this:
https://bugs.openjdk.org/browse/JDK-8297451
There are likely many more usages of innocuous thread that could be
improved by ensuring setDaemon is invoked while asserting privileges,
but I'd like to leave those to a later issue, since the usage in process
is causing us issues right now, and it would be great to get this fixed
(and eventually backported to 19.0.2).
-Chris.
On 22/11/2022 17:01, Roger Riggs wrote:
Hi Chris,
Yes, adding a doPriv for setDaemon and setName in a couple of places
makes sense.
Thanks, Roger
On 11/22/22 11:12 AM, Chris Hegarty wrote:
Hi Alan,
On 22/11/2022 16:08, Alan Bateman wrote:
On 22/11/2022 15:21, Chris Hegarty wrote:
..
Just to double check, does the ES security manager override
checkAccess(Thread)?
Yes. :-(
That is usually a no-op but if overridden then it will expose an
issue with the thread factory for the "process reaper" where it
attempts changes the daemon status outside of a doPriv block.
Right. That's exactly what we're running into.
If there are no objections, then I'm happy to file an issue
and PR to add narrow doPriv blocks around these calls.
-Chris
[1]
https://github.com/elastic/elasticsearch/blob/main/libs/secure-sm/src/main/java/org/elasticsearch/secure_sm/SecureSM.java#L118
