You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ignite.apache.org by "Semyon Danilov (Jira)" <ji...@apache.org> on 2020/09/23 10:57:00 UTC
[jira] [Updated] (IGNITE-13478) Security issue in JMX configuration
using ignite.sh
[ https://issues.apache.org/jira/browse/IGNITE-13478?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Semyon Danilov updated IGNITE-13478:
------------------------------------
Description:
At the moment we have the following code:
*functions.sh*
{code:java}
JMX_PORT=`"$JAVA" -cp "${IGNITE_LIBS}" org.apache.ignite.internal.util.portscanner.GridJmxPortFinder`
#
# This variable defines necessary parameters for JMX
# monitoring and management.
#
# This enables remote unsecure access to JConsole or VisualVM.
#
# ADD YOUR ADDITIONAL PARAMETERS/OPTIONS HERE
#
if [ -n "$JMX_PORT" ]; then
JMX_MON="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=${JMX_PORT} \
-Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
else
# If JMX port wasn't found do not initialize JMX.
echo "$0, WARN: Failed to resolve JMX host (JMX will be disabled): $HOSTNAME"
JMX_MON=""
fi
{code}
So the properties -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false will be set always and there is no way to change them.
was:
At the moment we have the following code:
*functions.sh*
{{JMX_PORT=`"$JAVA" -cp "${IGNITE_LIBS}" org.apache.ignite.internal.util.portscanner.GridJmxPortFinder`
#
# This variable defines necessary parameters for JMX
# monitoring and management.
#
# This enables remote unsecure access to JConsole or VisualVM.
#
# ADD YOUR ADDITIONAL PARAMETERS/OPTIONS HERE
#
if [ -n "$JMX_PORT" ]; then
JMX_MON="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=${JMX_PORT} \
-Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"}}
So the properties -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false will be set always and there is no way to change them.
> Security issue in JMX configuration using ignite.sh
> ---------------------------------------------------
>
> Key: IGNITE-13478
> URL: https://issues.apache.org/jira/browse/IGNITE-13478
> Project: Ignite
> Issue Type: Bug
> Components: control.sh
> Affects Versions: 2.8.1
> Reporter: Semyon Danilov
> Assignee: Semyon Danilov
> Priority: Major
> Fix For: 2.9
>
>
> At the moment we have the following code:
> *functions.sh*
>
> {code:java}
> JMX_PORT=`"$JAVA" -cp "${IGNITE_LIBS}" org.apache.ignite.internal.util.portscanner.GridJmxPortFinder`
> #
> # This variable defines necessary parameters for JMX
> # monitoring and management.
> #
> # This enables remote unsecure access to JConsole or VisualVM.
> #
> # ADD YOUR ADDITIONAL PARAMETERS/OPTIONS HERE
> #
> if [ -n "$JMX_PORT" ]; then
> JMX_MON="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=${JMX_PORT} \
> -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
> else
> # If JMX port wasn't found do not initialize JMX.
> echo "$0, WARN: Failed to resolve JMX host (JMX will be disabled): $HOSTNAME"
> JMX_MON=""
> fi
> {code}
> So the properties -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false will be set always and there is no way to change them.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)