Posted to commits@cassandra.apache.org by aw...@apache.org on 2018/02/14 21:32:34 UTC
cassandra git commit: CVE-2017-5929 Security vulnerability and
redefine default log rotation policy.
Repository: cassandra
Updated Branches:
refs/heads/trunk 44ce9536f -> c0aa79e54
CVE-2017-5929 Security vulnerability and redefine default log rotation policy.
Patch by Michael Shuler; Reviewed by Ariel Weisberg for CASSANDRA-14183
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/c0aa79e5
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/c0aa79e5
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/c0aa79e5
Branch: refs/heads/trunk
Commit: c0aa79e5453d64a583ba2197b2ac76d04ecd7020
Parents: 44ce953
Author: Michael Shuler <mi...@pbandjelly.org>
Authored: Wed Feb 14 11:42:59 2018 -0500
Committer: Ariel Weisberg <aw...@apple.com>
Committed: Wed Feb 14 16:30:43 2018 -0500
----------------------------------------------------------------------
CHANGES.txt | 1 +
build.xml | 4 +--
conf/logback.xml | 30 +++++++++----------
lib/logback-classic-1.1.3.jar | Bin 280926 -> 0 bytes
lib/logback-classic-1.2.3.jar | Bin 0 -> 290339 bytes
lib/logback-core-1.1.3.jar | Bin 455041 -> 0 bytes
lib/logback-core-1.2.3.jar | Bin 0 -> 471901 bytes
.../functions/ThreadAwareSecurityManager.java | 5 ++++
test/conf/logback-test.xml | 2 +-
.../config/DatabaseDescriptorRefTest.java | 6 ++--
.../validation/operations/AggregationTest.java | 12 ++++++++
11 files changed, 39 insertions(+), 21 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/c0aa79e5/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index e932b40..dd56770 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
4.0
+ * CVE-2017-5929 Security vulnerability and redefine default log rotation policy (CASSANDRA-14183)
* Use JVM default SSL validation algorithm instead of custom default (CASSANDRA-13259)
* Better document in code InetAddressAndPort usage post 7544, incorporate port into UUIDGen node (CASSANDRA-14226)
* Fix sstablemetadata date string for minLocalDeletionTime (CASSANDRA-14132)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/c0aa79e5/build.xml
----------------------------------------------------------------------
diff --git a/build.xml b/build.xml
index bc9f0a7..4b6ae70 100644
--- a/build.xml
+++ b/build.xml
@@ -383,8 +383,8 @@
<dependency groupId="org.slf4j" artifactId="slf4j-api" version="1.7.25"/>
<dependency groupId="org.slf4j" artifactId="log4j-over-slf4j" version="1.7.25"/>
<dependency groupId="org.slf4j" artifactId="jcl-over-slf4j" version="1.7.25" />
- <dependency groupId="ch.qos.logback" artifactId="logback-core" version="1.1.3"/>
- <dependency groupId="ch.qos.logback" artifactId="logback-classic" version="1.1.3"/>
+ <dependency groupId="ch.qos.logback" artifactId="logback-core" version="1.2.3"/>
+ <dependency groupId="ch.qos.logback" artifactId="logback-classic" version="1.2.3"/>
<dependency groupId="org.codehaus.jackson" artifactId="jackson-core-asl" version="1.9.2"/>
<dependency groupId="org.codehaus.jackson" artifactId="jackson-mapper-asl" version="1.9.2"/>
<dependency groupId="com.googlecode.json-simple" artifactId="json-simple" version="1.1"/>
http://git-wip-us.apache.org/repos/asf/cassandra/blob/c0aa79e5/conf/logback.xml
----------------------------------------------------------------------
diff --git a/conf/logback.xml b/conf/logback.xml
index a22f131..b2c5b10 100644
--- a/conf/logback.xml
+++ b/conf/logback.xml
@@ -22,7 +22,7 @@ In order to disable debug.log, comment-out the ASYNCDEBUGLOG
appender reference in the root level section below.
-->
-<configuration scan="true">
+<configuration scan="true" scanPeriod="60 seconds">
<jmxConfigurator />
<!-- No shutdown hook; we run it ourselves in StorageService after shutdown -->
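Review bot: The explicit `scanPeriod="60 seconds"` added on the configuration element matches logback's default scan interval when `scan="true"` is set, so on its own it changes nothing; a reader will assume it tightened or loosened reload behaviour unless that is said. Suggest a comment next to it such as `<!-- scan interval is logback's default; with logback 1.2.3 the reload check runs on logback's own ReconfigureOnChangeTask thread, not on the logging thread -->`, since the in-thread filter workaround in ThreadAwareSecurityManager depended on the old behaviour. The same attribute is added to test/conf/logback-test.xml and the same comment applies there.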
@@ -34,14 +34,14 @@ appender reference in the root level section below.
<level>INFO</level>
</filter>
<file>${cassandra.logdir}/system.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${cassandra.logdir}/system.log.%i.zip</fileNamePattern>
- <minIndex>1</minIndex>
- <maxIndex>20</maxIndex>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <!-- rollover daily -->
+ <fileNamePattern>${cassandra.logdir}/system.log.%d{yyyy-MM-dd}.%i.zip</fileNamePattern>
+ <!-- each file should be at most 50MB, keep 7 days worth of history, but at most 5GB -->
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>7</maxHistory>
+ <totalSizeCap>5GB</totalSizeCap>
</rollingPolicy>
- <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>20MB</maxFileSize>
- </triggeringPolicy>
<encoder>
<pattern>%-5level [%thread] %date{ISO8601} %F:%L - %msg%n</pattern>
</encoder>
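Review bot: The new SizeAndTimeBasedRollingPolicy raises the worst-case archive footprint from roughly 20 files of 20MB (under 0.5GB uncompressed) to a `totalSizeCap` of 5GB, and the comment does not call out that this is a deliberate ~10x increase, so operators sizing the log partition should be told. logback enforces `maxHistory` and `totalSizeCap` only at rollover time, and `cleanHistoryOnStart` defaults to false, so archives left over after a long outage are not pruned until the next rollover; if the cap is meant to hold on restart as well, add `<cleanHistoryOnStart>true</cleanHistoryOnStart>` inside the `rollingPolicy`. The debug.log hunk below duplicates the same settings, so debug.log can independently reach its own 5GB cap; whether that was intended or a single combined budget was, it is worth stating in the comment.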
@@ -51,14 +51,14 @@ appender reference in the root level section below.
<appender name="DEBUGLOG" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${cassandra.logdir}/debug.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${cassandra.logdir}/debug.log.%i.zip</fileNamePattern>
- <minIndex>1</minIndex>
- <maxIndex>20</maxIndex>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <!-- rollover daily -->
+ <fileNamePattern>${cassandra.logdir}/debug.log.%d{yyyy-MM-dd}.%i.zip</fileNamePattern>
+ <!-- each file should be at most 50MB, keep 7 days worth of history, but at most 5GB -->
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>7</maxHistory>
+ <totalSizeCap>5GB</totalSizeCap>
</rollingPolicy>
- <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>20MB</maxFileSize>
- </triggeringPolicy>
<encoder>
<pattern>%-5level [%thread] %date{ISO8601} %F:%L - %msg%n</pattern>
</encoder>
http://git-wip-us.apache.org/repos/asf/cassandra/blob/c0aa79e5/lib/logback-classic-1.1.3.jar
----------------------------------------------------------------------
diff --git a/lib/logback-classic-1.1.3.jar b/lib/logback-classic-1.1.3.jar
deleted file mode 100644
index 2aa10a5..0000000
Binary files a/lib/logback-classic-1.1.3.jar and /dev/null differ
http://git-wip-us.apache.org/repos/asf/cassandra/blob/c0aa79e5/lib/logback-classic-1.2.3.jar
----------------------------------------------------------------------
diff --git a/lib/logback-classic-1.2.3.jar b/lib/logback-classic-1.2.3.jar
new file mode 100644
index 0000000..bed00c0
Binary files /dev/null and b/lib/logback-classic-1.2.3.jar differ
http://git-wip-us.apache.org/repos/asf/cassandra/blob/c0aa79e5/lib/logback-core-1.1.3.jar
----------------------------------------------------------------------
diff --git a/lib/logback-core-1.1.3.jar b/lib/logback-core-1.1.3.jar
deleted file mode 100644
index 996b722..0000000
Binary files a/lib/logback-core-1.1.3.jar and /dev/null differ
http://git-wip-us.apache.org/repos/asf/cassandra/blob/c0aa79e5/lib/logback-core-1.2.3.jar
----------------------------------------------------------------------
diff --git a/lib/logback-core-1.2.3.jar b/lib/logback-core-1.2.3.jar
new file mode 100644
index 0000000..487b395
Binary files /dev/null and b/lib/logback-core-1.2.3.jar differ
http://git-wip-us.apache.org/repos/asf/cassandra/blob/c0aa79e5/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java b/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java
index 9c5b95b..0a424b2 100644
--- a/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java
+++ b/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java
@@ -88,6 +88,8 @@ public final class ThreadAwareSecurityManager extends SecurityManager
// To work around this, a custom ReconfigureOnChangeFilter is installed, that simply
// prevents this configuration file check and possible reload of the configration,
// while executing sandboxed UDF code.
+ //
+ // NOTE: this is obsolte with logback versions (at least since 1.2.3)
Logger l = LoggerFactory.getLogger(ThreadAwareSecurityManager.class);
ch.qos.logback.classic.Logger logbackLogger = (ch.qos.logback.classic.Logger) l;
LoggerContext ctx = logbackLogger.getLoggerContext();
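Review bot: The added NOTE has a typo (`obsolte`) and omits the qualifier it needs, reading as if it applied to every logback version; suggest `// NOTE: this is obsolete with logback versions that replaced ReconfigureOnChangeFilter with ReconfigureOnChangeTask (at least since 1.2.3)`. More importantly, the commit documents the workaround as obsolete but leaves the code that installs SMAwareReconfigureOnChangeFilter in place, so the class still appears to guard sandboxed UDF execution while, per the Javadoc added in the next hunk, the reload check no longer runs through the filter. Either remove the installation and the nested class, or state in the comment that it is retained only for an older logback on the classpath. The enclosing method starts outside this hunk.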
@@ -110,6 +112,9 @@ public final class ThreadAwareSecurityManager extends SecurityManager
/**
* The purpose of this class is to prevent logback from checking for config file change,
* if the current thread is executing a sandboxed thread to avoid {@link AccessControlException}s.
+ *
+ * This is obsolete with logback versions that replaced {@link ReconfigureOnChangeFilter}
+ * with {@link ch.qos.logback.classic.joran.ReconfigureOnChangeTask} (at least logback since 1.2.3).
*/
private static class SMAwareReconfigureOnChangeFilter extends ReconfigureOnChangeFilter
{
http://git-wip-us.apache.org/repos/asf/cassandra/blob/c0aa79e5/test/conf/logback-test.xml
----------------------------------------------------------------------
diff --git a/test/conf/logback-test.xml b/test/conf/logback-test.xml
index 48f93bc..4092050 100644
--- a/test/conf/logback-test.xml
+++ b/test/conf/logback-test.xml
@@ -17,7 +17,7 @@
under the License.
-->
-<configuration debug="false" scan="true">
+<configuration debug="false" scan="true" scanPeriod="60 seconds">
<!-- Shutdown hook ensures that async appender flushes -->
<shutdownHook class="ch.qos.logback.core.hook.DelayingShutdownHook"/>
http://git-wip-us.apache.org/repos/asf/cassandra/blob/c0aa79e5/test/unit/org/apache/cassandra/config/DatabaseDescriptorRefTest.java
----------------------------------------------------------------------
diff --git a/test/unit/org/apache/cassandra/config/DatabaseDescriptorRefTest.java b/test/unit/org/apache/cassandra/config/DatabaseDescriptorRefTest.java
index 589afd5..dd45f72 100644
--- a/test/unit/org/apache/cassandra/config/DatabaseDescriptorRefTest.java
+++ b/test/unit/org/apache/cassandra/config/DatabaseDescriptorRefTest.java
@@ -218,10 +218,10 @@ public class DatabaseDescriptorRefTest
method.invoke(null);
if ("clientInitialization".equals(methodName) &&
- threadCount + 1 == threads.getThreadCount())
+ threadCount + 2 == threads.getThreadCount())
{
- // ignore the "AsyncAppender-Worker-ASYNC" thread
- threadCount++;
+ // ignore the "AsyncAppender-Worker-ASYNC" and "logback-1" threads
+ threadCount = threadCount + 2;
}
if (threadCount != threads.getThreadCount())
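Review bot: The changed condition now accepts only an exact delta of two threads, so a run where only the AsyncAppender worker appears (scan disabled, or the logback scheduler thread not yet started — the latter is inferred) falls through to the generic `threadCount != threads.getThreadCount()` failure with no indication of which thread was missing. Suggest computing the delta once and accepting both known cases: `int extra = threads.getThreadCount() - threadCount;` followed by `if ("clientInitialization".equals(methodName) && (extra == 1 || extra == 2)) threadCount += extra;`. As written, `threadCount = threadCount + 2` would read better as `threadCount += 2`. The enclosing loop and method start and end outside this hunk.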
http://git-wip-us.apache.org/repos/asf/cassandra/blob/c0aa79e5/test/unit/org/apache/cassandra/cql3/validation/operations/AggregationTest.java
----------------------------------------------------------------------
diff --git a/test/unit/org/apache/cassandra/cql3/validation/operations/AggregationTest.java b/test/unit/org/apache/cassandra/cql3/validation/operations/AggregationTest.java
index dea3803..f2f6614 100644
--- a/test/unit/org/apache/cassandra/cql3/validation/operations/AggregationTest.java
+++ b/test/unit/org/apache/cassandra/cql3/validation/operations/AggregationTest.java
@@ -38,6 +38,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import ch.qos.logback.classic.LoggerContext;
+import ch.qos.logback.classic.joran.ReconfigureOnChangeTask;
import ch.qos.logback.classic.spi.TurboFilterList;
import ch.qos.logback.classic.turbo.ReconfigureOnChangeFilter;
import ch.qos.logback.classic.turbo.TurboFilter;
@@ -58,6 +59,7 @@ import org.apache.cassandra.transport.Event;
import org.apache.cassandra.transport.ProtocolVersion;
import org.apache.cassandra.transport.messages.ResultMessage;
+import static ch.qos.logback.core.CoreConstants.RECONFIGURE_ON_CHANGE_TASK;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
@@ -1849,6 +1851,16 @@ public class AggregationTest extends CQLTester
break;
}
}
+
+ ReconfigureOnChangeTask roct = (ReconfigureOnChangeTask) ctx.getObject(RECONFIGURE_ON_CHANGE_TASK);
+ if (roct != null)
+ {
+ // New functionality in logback - they replaced ReconfigureOnChangeFilter (which runs in the logging code)
+ // with an async ReconfigureOnChangeTask - i.e. in a thread that does not become sandboxed.
+ // Let the test run anyway, just we cannot reconfigure it (and it is pointless to reconfigure).
+ return;
+ }
+
assertTrue("ReconfigureOnChangeFilter not in logback's turbo-filter list - do that by adding scan=\"true\" to logback-test.xml's configuration element", done);
}
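Review bot: The cast to `ReconfigureOnChangeTask` exists only to null-check, so both the cast and the new import on the first hunk can be dropped: `if (ctx.getObject(RECONFIGURE_ON_CHANGE_TASK) != null)`. The check also appears to sit after the loop that searches the turbo-filter list for ReconfigureOnChangeFilter (the loop and the enclosing method begin outside this hunk), so on logback 1.2.3 that search runs to completion and its result is then discarded; moving the task check ahead of the loop makes the two code paths explicit. The comment `Let the test run anyway, just we cannot reconfigure it` would be clearer as `// logback 1.2.3+ reloads on its own ReconfigureOnChangeTask thread, which is never sandboxed, so the in-thread filter check below does not apply; skip it`.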