You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by mc...@apache.org on 2022/10/18 21:25:53 UTC
[cassandra] branch cassandra-4.1 updated (0aa4ef1a8e -> fbb3079144)
This is an automated email from the ASF dual-hosted git repository.
mck pushed a change to branch cassandra-4.1
in repository https://gitbox.apache.org/repos/asf/cassandra.git
from 0aa4ef1a8e Merge branch 'cassandra-4.0' into cassandra-4.1
new b2660bcf78 Fix JMX security vulnerabilities
new 95d0a936f9 Merge branch 'cassandra-3.0' into cassandra-3.11
new 9a24fa81e5 Merge branch 'cassandra-3.11' into cassandra-4.0
new fbb3079144 Merge branch 'cassandra-4.0' into cassandra-4.1
The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
CHANGES.txt | 1 +
ide/idea/workspace.xml | 2 +-
.../cassandra/auth/jmx/AuthorizationProxy.java | 70 ++++++++++++++++++++++
3 files changed, 72 insertions(+), 1 deletion(-)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org
[cassandra] 01/01: Merge branch 'cassandra-4.0' into cassandra-4.1
Posted by mc...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
mck pushed a commit to branch cassandra-4.1
in repository https://gitbox.apache.org/repos/asf/cassandra.git
commit fbb3079144851e704a7912b8630f72c9345e0bb5
Merge: 0aa4ef1a8e 9a24fa81e5
Author: Mick Semb Wever <mc...@apache.org>
AuthorDate: Tue Oct 18 22:54:11 2022 +0200
Merge branch 'cassandra-4.0' into cassandra-4.1
* cassandra-4.0:
Fix JMX security vulnerabilities
CHANGES.txt | 1 +
ide/idea/workspace.xml | 2 +-
.../cassandra/auth/jmx/AuthorizationProxy.java | 70 ++++++++++++++++++++++
3 files changed, 72 insertions(+), 1 deletion(-)
diff --cc CHANGES.txt
index d5a1ce2416,19fe614a29..ed8ea6eea5
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -7,46 -5,22 +7,47 @@@ Merged from 4.0
Merged from 3.11:
* Suppress CVE-2022-42003 and CVE-2022-42004 (CASSANDRA-17966)
* Make LongBufferPoolTest insensitive to timing (CASSANDRA-16681)
- * Suppress CVE-2022-25857 and other snakeyaml CVEs (CASSANDRA-17907)
- * Fix potential IndexOutOfBoundsException in PagingState in mixed mode clusters (CASSANDRA-17840)
Merged from 3.0:
+ * Harden JMX by resolving beanshooter issues (CASSANDRA-17921)
* Suppress CVE-2019-2684 (CASSANDRA-17965)
* Fix auto-completing "WITH" when creating a materialized view (CASSANDRA-17879)
- * Fix scrubber falling into infinite loop when the last partition is broken (CASSANDRA-17862)
- * Fix resetting schema (CASSANDRA-17819)
-4.0.6
+4.1-beta1
+ * We should not emit deprecation warning on startup for `key_cache_save_period`, `row_cache_save_period`, `counter_cache_save_period` (CASSANDRA-17904)
+ * upsert with adder support is not consistent with numbers and strings in LWT (CASSANDRA-17857)
+ * Fix race and return after failing connections (CASSANDRA-17618)
+ * Speculative execution threshold unit mismatch (CASSANDRA-17877)
+ * Fix BulkLoader to load entireSSTableThrottle and entireSSTableInterDcThrottle (CASSANDRA-17677)
+ * Fix a race condition where a keyspace can be oopened while it is being removed (CASSANDRA-17658)
+ * DatabaseDescriptor will set the default failure detector during client initialization (CASSANDRA-17782)
+ * Avoid initializing schema via SystemKeyspace.getPreferredIP() with the BulkLoader tool (CASSANDRA-17740)
+ * Improve JMX methods signatures, fix JMX and config backward compatibility (CASSANDRA-17725)
+ * Fix sstable_preemptive_open_interval disabled value. sstable_preemptive_open_interval = null backward compatible with
+ sstable_preemptive_open_interval_in_mb = -1 (CASSANDRA-17737)
+ * Remove usages of Path#toFile() in the snapshot apparatus (CASSANDRA-17769)
+ * Fix Settings Virtual Table to update paxos_variant after startup and rename enable_uuid_sstable_identifiers to
+ uuid_sstable_identifiers_enabled as per our config naming conventions (CASSANDRA-17738)
+ * index_summary_resize_interval_in_minutes = -1 is equivalent to index_summary_resize_interval being set to null or
+ disabled. JMX MBean IndexSummaryManager, setResizeIntervalInMinutes method still takes resizeIntervalInMinutes = -1 for disabled (CASSANDRA-17735)
+ * min_tracked_partition_size_bytes parameter from 4.1 alpha1 was renamed to min_tracked_partition_size (CASSANDRA-17733)
+ * Remove commons-lang dependency during build runtime (CASSANDRA-17724)
+ * Relax synchronization on StreamSession#onError() to avoid deadlock (CASSANDRA-17706)
+ * Fix AbstractCell#toString throws MarshalException for cell in collection (CASSANDRA-17695)
+ * Add new vtable output option to compactionstats (CASSANDRA-17683)
+ * Fix commitLogUpperBound initialization in AbstractMemtableWithCommitlog (CASSANDRA-17587)
+ * Fix widening to long in getBatchSizeFailThreshold (CASSANDRA-17650)
+ * Fix widening from mebibytes to bytes in IntMebibytesBound (CASSANDRA-17716)
+ * Revert breaking change in nodetool clientstats and expose cient options through nodetool clientstats --client-options. (CASSANDRA-17715)
+ * Fix missed nowInSec values in QueryProcessor (CASSANDRA-17458)
+ * Revert removal of withBufferSizeInMB(int size) in CQLSSTableWriter.Builder class and deprecate it in favor of withBufferSizeInMiB(int size) (CASSANDRA-17675)
+ * Remove expired snapshots of dropped tables after restart (CASSANDRA-17619)
+Merged from 4.0:
+ * Mitigate direct buffer memory OOM on replacements (CASSANDRA-17895)
+ * Fix repair failure on assertion if two peers have overlapping mismatching ranges (CASSANDRA-17900)
+ * Better handle null state in Gossip schema migration to avoid NPE (CASSANDRA-17864)
+ * HintedHandoffAddRemoveNodesTest now accounts for the fact that StorageMetrics.totalHints is not updated synchronously w/ writes (CASSANDRA-16679)
+ * Avoid getting hanging repairs due to repair message timeouts (CASSANDRA-17613)
+ * Prevent infinite loop in repair coordinator on FailSession (CASSANDRA-17834)
* Fix race condition on updating cdc size and advancing to next segment (CASSANDRA-17792)
* Add 'noboolean' rpm build for older distros like CentOS7 (CASSANDRA-17765)
* Fix default value for compaction_throughput_mb_per_sec in Config class to match the one in cassandra.yaml (CASSANDRA-17790)
diff --cc ide/idea/workspace.xml
index e35ba90ac7,6581dcecd6..8851d7e283
--- a/ide/idea/workspace.xml
+++ b/ide/idea/workspace.xml
@@@ -187,7 -187,7 +187,7 @@@
<configuration default="false" name="Cassandra" type="Application" factoryName="Application">
<extension name="coverage" enabled="false" merge="false" sample_coverage="true" runner="idea" />
<option name="MAIN_CLASS_NAME" value="org.apache.cassandra.service.CassandraDaemon" />
- <option name="VM_PARAMETERS" value="-Dcassandra-foreground=yes -Dcassandra.config=file://$PROJECT_DIR$/conf/cassandra.yaml -Dcassandra.storagedir=$PROJECT_DIR$/data -Dlogback.configurationFile=file://$PROJECT_DIR$/conf/logback.xml -Dcassandra.logdir=$PROJECT_DIR$/data/logs -Djava.library.path=$PROJECT_DIR$/lib/sigar-bin -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=7199 -Dcom.sun.management.jmxremote.local.only=false -Dcom.sun.management.jmxremote.authenticate [...]
- <option name="VM_PARAMETERS" value="-Dcassandra-foreground=yes -Dcassandra.config=file://$PROJECT_DIR$/conf/cassandra.yaml -Dcassandra.storagedir=$PROJECT_DIR$/data -Dlogback.configurationFile=file://$PROJECT_DIR$/conf/logback.xml -Dcassandra.logdir=$PROJECT_DIR$/data/logs -Djava.library.path=$PROJECT_DIR$/lib/sigar-bin -Dcassandra.jmx.local.port=7199 -ea -Xmx1G" />
++ <option name="VM_PARAMETERS" value="-Dcassandra-foreground=yes -Dcassandra.config=file://$PROJECT_DIR$/conf/cassandra.yaml -Dcassandra.storagedir=$PROJECT_DIR$/data -Dlogback.configurationFile=file://$PROJECT_DIR$/conf/logback.xml -Dcassandra.logdir=$PROJECT_DIR$/data/logs -Djava.library.path=$PROJECT_DIR$/lib/sigar-bin -Dcassandra.jmx.local.port=7199 -ea -Xmx1G -Dcassandra.reads.thresholds.coordinator.defensive_checks_enabled=true" />
<option name="PROGRAM_PARAMETERS" value="" />
<option name="WORKING_DIRECTORY" value="file://$PROJECT_DIR$" />
<option name="ALTERNATIVE_JRE_PATH_ENABLED" value="false" />
diff --cc src/java/org/apache/cassandra/auth/jmx/AuthorizationProxy.java
index 613a1bd440,36c552c700..afc8b46e7c
--- a/src/java/org/apache/cassandra/auth/jmx/AuthorizationProxy.java
+++ b/src/java/org/apache/cassandra/auth/jmx/AuthorizationProxy.java
@@@ -478,12 -481,76 +483,77 @@@ public class AuthorizationProxy impleme
.collect(Collectors.toSet());
}
+ private void checkVulnerableMethods(Object args[])
+ {
+ assert args.length == 4;
+ ObjectName name;
+ String operationName;
+ Object[] params;
+ String[] signature;
+ try
+ {
+ name = (ObjectName) args[0];
+ operationName = (String) args[1];
+ params = (Object[]) args[2];
+ signature = (String[]) args[3];
+ }
+ catch (ClassCastException cce)
+ {
+ logger.warn("Could not interpret arguments to check vulnerable MBean invocations; did the MBeanServer interface change?", cce);
+ return;
+ }
+
+ // When adding compiler directives from a file, most JDKs will log the file contents if invalid, which
+ // leads to an arbitrary file read vulnerability
+ checkCompilerDirectiveAddMethods(name, operationName);
+
+ // Loading arbitrary (JVM and native) libraries from remotes
+ checkJvmtiLoad(name, operationName);
+ checkMLetMethods(name, operationName);
+ }
+
+ private void checkCompilerDirectiveAddMethods(ObjectName name, String operation)
+ {
+ if (name.getCanonicalName().equals("com.sun.management:type=DiagnosticCommand")
+ && operation.equals("compilerDirectivesAdd"))
+ throw new SecurityException("Access is denied!");
+ }
+
+ private void checkJvmtiLoad(ObjectName name, String operation)
+ {
+ if (name.getCanonicalName().equals("com.sun.management:type=DiagnosticCommand")
+ && operation.equals("jvmtiAgentLoad"))
+ throw new SecurityException("Access is denied!");
+ }
+
+ private void checkMLetMethods(ObjectName name, String operation)
+ {
+ // Inspired by MBeanServerAccessController, but that class ignores check if a SecurityManager is installed,
+ // which we don't want
+
+ if (operation == null)
+ return;
+
+ try
+ {
+ if (!mbs.isInstanceOf(name, "javax.management.loading.MLet"))
+ return;
+ }
+ catch (InstanceNotFoundException infe)
+ {
+ return;
+ }
+
+ if (operation.equals("addURL") || operation.equals("getMBeansFromURL"))
+ throw new SecurityException("Access is denied!");
+ }
+
- private static final class JMXPermissionsCache extends AuthCache<RoleResource, Set<PermissionDetails>>
+ public static final class JmxPermissionsCache extends AuthCache<RoleResource, Set<PermissionDetails>>
+ implements JmxPermissionsCacheMBean
{
- protected JMXPermissionsCache()
+ protected JmxPermissionsCache()
{
- super("JMXPermissionsCache",
+ super(CACHE_NAME,
DatabaseDescriptor::setPermissionsValidity,
DatabaseDescriptor::getPermissionsValidity,
DatabaseDescriptor::setPermissionsUpdateInterval,
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org