+1 I do not believe the initial implementation was very well tested in terms of security. IIRC we kept adding permissions until CI ran without errors on a very old version, so it is not guaranteed to run with modern versions of Accumulo, given that we evolve our usage regularly.
On Mon, Aug 15, 2016 at 8:13 PM, Dylan Hutchison <[email protected]> wrote:

> Maybe related to ACCUMULO-1188 <https://issues.apache.org/jira/browse/ACCUMULO-1188>?
>
> On Mon, Aug 15, 2016 at 10:09 AM, Josh Elser <[email protected]> wrote:
>
> > +1 from me.
> >
> > IIRC, they used to be something to try to guard against user JARs (containing iterators) doing something malicious, but obviously they haven't been kept up given the lack of documentation. I am not sure what all is possible to say whether or not it's a complete security solution too.
> >
> > I think without context on what they do, how they work, etc, they can be removed.
> >
> > Christopher wrote:
> >
> > > Bump. Anybody have any thoughts on these? I'm inclined to rip out the custom permissions here. I don't think they're actually adding any security, and we're not documenting them in any overall security model. As is, they look like remnants of an early, incomplete attempt to apply the Java security system to our code, but they don't look like they are offering anything in the current implementation to actually improve the security.
> > >
> > > On Thu, Aug 11, 2016 at 9:46 PM Christopher <[email protected]> wrote:
> > >
> > > > I found 7 references in our code (master branch, probably same in others) to the java SecurityManager.checkPermissions, each with custom permissions we've created (3 in core, 1 in fate, 3 in server-base).
> > > >
> > > > There is no documentation for these, and I don't really know what these are actually trying to protect against.
> > > >
> > > > Do these custom permissions have any actual purpose? What value are these adding?
> > > >
> > > > Do we have an overall security model which we can check these implementations against? Or to identify where we are missing checks which should be there? Do we really need to create custom permissions, vs. some standardized ones?
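The kind of check the thread is discussing, as an added illustration that is not Accumulo's code: a custom Permission subclass guarded by SecurityManager.checkPermission, showing that the check is a no-op unless a SecurityManager is installed and that, once one is installed, the permission is denied unless a policy grants it. Class and permission names are hypothetical; assumes Java 8 to 17 (Java 18 and later require -Djava.security.manager=allow to install a SecurityManager at runtime).

```java
import java.security.BasicPermission;

/** Hypothetical custom permission, standing in for the project-specific ones the thread mentions. */
final class ExampleIteratorPermission extends BasicPermission {
    ExampleIteratorPermission(String name) {
        super(name);
    }
}

public class CustomPermissionCheckDemo {

    /** Guarded operation: the custom check only runs when a SecurityManager is present. */
    static void guardedOperation() {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            // Walks the call stack; throws AccessControlException unless every
            // protection domain on the stack has been granted this permission.
            sm.checkPermission(new ExampleIteratorPermission("loadIterator"));
        }
        System.out.println("guardedOperation ran");
    }

    public static void main(String[] args) {
        // 1. Default JVM: no SecurityManager, so the branch above is skipped and
        //    the custom permission provides no enforcement at all.
        guardedOperation();

        // 2. Install the default SecurityManager. The JDK's default policy grants
        //    only a small set of standard permissions to application code, and it
        //    knows nothing about ExampleIteratorPermission, so the check now fails.
        System.setSecurityManager(new SecurityManager());
        try {
            guardedOperation();
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```

The second call succeeds only if a policy file explicitly grants the custom permission to the code base in question, which is the documentation and policy work the thread notes was never done.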
