Hi Alan,
On 22/11/2022 16:08, Alan Bateman wrote:
On 22/11/2022 15:21, Chris Hegarty wrote:
..
Just to double check, does the ES security manager override
checkAccess(Thread)?
Yes. :-(
That is usually a no-op but if overridden then it
will expose an issue with the thread factory for the "process reaper"
where it attempts changes the daemon status outside of a doPriv block.
Right. That's exactly what we're running into.
If there are no objections, then I'm happy to file an issue
and PR to add narrow doPriv blocks around these calls.
-Chris
[1]
https://github.com/elastic/elasticsearch/blob/main/libs/secure-sm/src/main/java/org/elasticsearch/secure_sm/SecureSM.java#L118
