Ches Martin created LOG4J2-3207:
-----------------------------------
Summary: Move JNDI / network lookups out of the core module
Key: LOG4J2-3207
URL: https://issues.apache.org/jira/browse/LOG4J2-3207
Project: Log4j 2
Issue Type: Wish
Components: Core
Reporter: Ches Martin
I don't wish to dogpile on maintainers during a difficult time (the
vulnerability of LOG4J2-3201 / LOG4J2-3198), however:
The surface of what can go wrong with this functionality is vast. A primary
motivation for it originally in LOG4J2-313 was context selection, and
anecdotally at least, web application containers are a diminishing deployment
model in industry.
In my operation of first- and third-party systems, I do not want this
functionality to be used, or at least for any use to draw a high degree of
scrutiny.
Thus I'd like to propose that JNDI lookups require a dedicated dependency such
as {{log4j-jndi}} without which {{${jndi:}}} lookups should not function.
While a crucial part of the issue was a sanitization one (LOG4J2-3198) which
could have dangers with nearly any lookup plugin, lookups involving any form of
network access are of particular concern. Docker and Kubernetes lookups may
thus belong in the scope of this request also.
It would be an improvement to me if only the {{java}} JNDI protocol was
supported in Core, but much easier to audit if {{${jndi:}}} is altogether
unsupported.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
