gtully commented on PR #4924: URL: https://github.com/apache/activemq-artemis/pull/4924#issuecomment-2100259018
I don't know that it helps, the values in question come from configuration. We have no choice but to trust configuration, i.e. the file system, where our sources live. These are existing extension points, where the config provides the implementation. Any malicious intervention will implement any required interface if that is enforced. Any allow list gate will have to be configured in some way, probably on the file system. For an existing gadget to be exploited via this mechanism, the config has to be compromised, which is the file system; on that same file system can be any jar etc., so anything we do can be compromised unless we go down the route of signed jars etc., even then if the file system is compromised... In short, I am not convinced of an interface check being of any great value when the threat is from file system compromise.

Having said that, if there is value in the additional check, and I guess the value is that it makes it a little harder (if that makes any difference), it would need to be done before every newInstance of this sort to be effective. The XML parser does the same thing for one, in support of the same use case. Again, it is trusting config.
