Posted to commits@cassandra.apache.org by mc...@apache.org on 2022/10/18 21:25:49 UTC

[cassandra] branch cassandra-3.11 updated (6b0cd7db04 -> 95d0a936f9)

This is an automated email from the ASF dual-hosted git repository.

mck pushed a change to branch cassandra-3.11
in repository https://gitbox.apache.org/repos/asf/cassandra.git


    from 6b0cd7db04 Merge branch 'cassandra-3.0' into cassandra-3.11
     new b2660bcf78 Fix JMX security vulnerabilities
     new 95d0a936f9 Merge branch 'cassandra-3.0' into cassandra-3.11

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 CHANGES.txt                                        |  1 +
 ide/idea/workspace.xml                             |  2 +-
 .../cassandra/auth/jmx/AuthorizationProxy.java     | 70 ++++++++++++++++++++++
 3 files changed, 72 insertions(+), 1 deletion(-)




[cassandra] 01/01: Merge branch 'cassandra-3.0' into cassandra-3.11

Posted by mc...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

mck pushed a commit to branch cassandra-3.11
in repository https://gitbox.apache.org/repos/asf/cassandra.git

commit 95d0a936f9611e6c43b79f6e4ba470c27d384567
Merge: 6b0cd7db04 b2660bcf78
Author: Mick Semb Wever <mc...@apache.org>
AuthorDate: Tue Oct 18 22:49:07 2022 +0200

    Merge branch 'cassandra-3.0' into cassandra-3.11
    
    * cassandra-3.0:
      Fix JMX security vulnerabilities

 CHANGES.txt                                        |  1 +
 ide/idea/workspace.xml                             |  2 +-
 .../cassandra/auth/jmx/AuthorizationProxy.java     | 70 ++++++++++++++++++++++
 3 files changed, 72 insertions(+), 1 deletion(-)

diff --cc CHANGES.txt
index 830dca3b50,799d0b11d9..3e0ab807ec
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -1,12 -1,5 +1,13 @@@
 -3.0.28
 +3.11.14
 + * Suppress CVE-2022-42003 and CVE-2022-42004 (CASSANDRA-17966)
 + * Make LongBufferPoolTest insensitive to timing (CASSANDRA-16681)
 + * Suppress CVE-2022-25857 and other snakeyaml CVEs (CASSANDRA-17907)
 + * Fix potential IndexOutOfBoundsException in PagingState in mixed mode clusters (CASSANDRA-17840)
 + * Document usage of closed token intervals in manual compaction (CASSANDRA-17575)
 + * Creating of a keyspace on insufficient number of replicas should filter out gosspping-only members (CASSANDRA-17759)
 + * Only use statically defined subcolumns when determining column definition for supercolumn cell (CASSANDRA-14113)
 +Merged from 3.0:
+  * Harden JMX by resolving beanshooter issues (CASSANDRA-17921)
   * Suppress CVE-2019-2684 (CASSANDRA-17965)
   * Fix auto-completing "WITH" when creating a materialized view (CASSANDRA-17879)
   * Fix scrubber falling into infinite loop when the last partition is broken (CASSANDRA-17862)
diff --cc ide/idea/workspace.xml
index 6c6eb69e68,a3fda6ac5d..f98c858f72
--- a/ide/idea/workspace.xml
+++ b/ide/idea/workspace.xml
@@@ -186,7 -188,7 +186,7 @@@
      <configuration default="false" name="Cassandra" type="Application" factoryName="Application">
        <extension name="coverage" enabled="false" merge="false" sample_coverage="true" runner="idea" />
        <option name="MAIN_CLASS_NAME" value="org.apache.cassandra.service.CassandraDaemon" />
-       <option name="VM_PARAMETERS" value="-Dcassandra-foreground=yes -Dcassandra.config=file://$PROJECT_DIR$/conf/cassandra.yaml -Dcassandra.storagedir=$PROJECT_DIR$/data -Dlogback.configurationFile=file://$PROJECT_DIR$/conf/logback.xml -Dcassandra.logdir=$PROJECT_DIR$/data/logs -Djava.library.path=$PROJECT_DIR$/lib/sigar-bin -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=7199 -Dcom.sun.management.jmxremote.local.only=false -Dcom.sun.management.jmxremote.authenticate [...]
 -      <option name="VM_PARAMETERS" value="-Dcassandra-foreground=yes -Dcassandra.config=file://$PROJECT_DIR$/conf/cassandra.yaml -Dcassandra.storagedir=$PROJECT_DIR$/data -Dlogback.configurationFile=file://$PROJECT_DIR$/conf/logback.xml -Dcassandra.logdir=$PROJECT_DIR$/data/logs -Dcassandra.jmx.local.port=7199 -ea -Xmx1G" />
++      <option name="VM_PARAMETERS" value="-Dcassandra-foreground=yes -Dcassandra.config=file://$PROJECT_DIR$/conf/cassandra.yaml -Dcassandra.storagedir=$PROJECT_DIR$/data -Dlogback.configurationFile=file://$PROJECT_DIR$/conf/logback.xml -Dcassandra.logdir=$PROJECT_DIR$/data/logs -Djava.library.path=$PROJECT_DIR$/lib/sigar-bin -Dcassandra.jmx.local.port=7199 -ea -Xmx1G" />
        <option name="PROGRAM_PARAMETERS" value="" />
        <option name="WORKING_DIRECTORY" value="file://$PROJECT_DIR$" />
        <option name="ALTERNATIVE_JRE_PATH_ENABLED" value="false" />
diff --cc src/java/org/apache/cassandra/auth/jmx/AuthorizationProxy.java
index ebc1763cce,65f7d20202..f2665085f3
--- a/src/java/org/apache/cassandra/auth/jmx/AuthorizationProxy.java
+++ b/src/java/org/apache/cassandra/auth/jmx/AuthorizationProxy.java
@@@ -21,13 -21,8 +21,14 @@@ package org.apache.cassandra.auth.jmx
  import java.lang.reflect.*;
  import java.security.AccessControlContext;
  import java.security.AccessController;
 +import java.security.Principal;
 +import java.util.Set;
 +import java.util.function.Function;
 +import java.util.function.Supplier;
 +import java.util.stream.Collectors;
+ import javax.management.InstanceNotFoundException;
  import javax.management.MBeanServer;
 +import javax.management.MalformedObjectNameException;
  import javax.management.ObjectName;
  import javax.security.auth.Subject;
  
@@@ -457,37 -103,68 +462,102 @@@ public class AuthorizationProxy impleme
          }
      }
  
 +    /**
 +     * Query the configured IAuthorizer for the set of all permissions granted on JMXResources to a specific subject
 +     * @param subject
 +     * @return All permissions granted to the specfied subject (including those transitively inherited from
 +     *         any roles the subject has been granted), filtered to include only permissions granted on
 +     *         JMXResources
 +     */
 +    private static Set<PermissionDetails> loadPermissions(RoleResource subject)
 +    {
 +        // get all permissions for the specified subject. We'll cache them as it's likely
 +        // we'll receive multiple lookups for the same subject (but for different resources
 +        // and permissions) in quick succession
 +        return DatabaseDescriptor.getAuthorizer().list(AuthenticatedUser.SYSTEM_USER, Permission.ALL, null, subject)
 +                                                 .stream()
 +                                                 .filter(details -> details.resource instanceof JMXResource)
 +                                                 .collect(Collectors.toSet());
 +    }
 +
+     private void checkVulnerableMethods(Object args[])
+     {
+         assert args.length == 4;
+         ObjectName name;
+         String operationName;
+         Object[] params;
+         String[] signature;
+         try
+         {
+             name = (ObjectName) args[0];
+             operationName = (String) args[1];
+             params = (Object[]) args[2];
+             signature = (String[]) args[3];
+         }
+         catch (ClassCastException cce)
+         {
+             logger.warn("Could not interpret arguments to check vulnerable MBean invocations; did the MBeanServer interface change?", cce);
+             return;
+         }
+ 
+         // When adding compiler directives from a file, most JDKs will log the file contents if invalid, which
+         // leads to an arbitrary file read vulnerability
+         checkCompilerDirectiveAddMethods(name, operationName);
+ 
+         // Loading arbitrary (JVM and native) libraries from remotes
+         checkJvmtiLoad(name, operationName);
+         checkMLetMethods(name, operationName);
+     }
+ 
+     private void checkCompilerDirectiveAddMethods(ObjectName name, String operation)
+     {
+         if (name.getCanonicalName().equals("com.sun.management:type=DiagnosticCommand")
+                 && operation.equals("compilerDirectivesAdd"))
+             throw new SecurityException("Access is denied!");
+     }
+ 
+     private void checkJvmtiLoad(ObjectName name, String operation)
+     {
+         if (name.getCanonicalName().equals("com.sun.management:type=DiagnosticCommand")
+                 && operation.equals("jvmtiAgentLoad"))
+             throw new SecurityException("Access is denied!");
+     }
+ 
+     private void checkMLetMethods(ObjectName name, String operation)
+     {
+         // Inspired by MBeanServerAccessController, but that class ignores check if a SecurityManager is installed,
+         // which we don't want
+ 
+         if (operation == null)
+             return;
+ 
+         try
+         {
+             if (!mbs.isInstanceOf(name, "javax.management.loading.MLet"))
+                 return;
 -        } catch (InstanceNotFoundException infe)
++        }
++        catch (InstanceNotFoundException infe)
+         {
+             return;
+         }
+ 
+         if (operation.equals("addURL") || operation.equals("getMBeansFromURL"))
+             throw new SecurityException("Access is denied!");
+     }
 -}
+ 
 +    private static final class JMXPermissionsCache extends AuthCache<RoleResource, Set<PermissionDetails>>
 +    {
 +        protected JMXPermissionsCache()
 +        {
 +            super("JMXPermissionsCache",
 +                  DatabaseDescriptor::setPermissionsValidity,
 +                  DatabaseDescriptor::getPermissionsValidity,
 +                  DatabaseDescriptor::setPermissionsUpdateInterval,
 +                  DatabaseDescriptor::getPermissionsUpdateInterval,
 +                  DatabaseDescriptor::setPermissionsCacheMaxEntries,
 +                  DatabaseDescriptor::getPermissionsCacheMaxEntries,
 +                  AuthorizationProxy::loadPermissions,
 +                  () -> true);
 +        }
 +    }
 +}
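Review bot: In checkVulnerableMethods the `catch (ClassCastException cce)` branch logs a warning and then `return`s, so if the argument array ever stops matching the expected (ObjectName, String, Object[], String[]) shape, all three denylist checks are skipped and the invocation proceeds; a security gate should fail closed, e.g. replace `return;` with `throw new SecurityException("Access is denied!");`. The preceding `assert args.length == 4;` has the same weakness in that it is a no-op when the JVM runs without assertions enabled, so an explicit `if (args == null || args.length != 4) throw new SecurityException("Access is denied!");` would be more dependable. The three check methods also throw without logging, so a refused call leaves no server-side trace; a line such as `logger.warn("Denied JMX invocation of {} on {}", operation, name);` before each throw would give operators something to alert on. The call site of checkVulnerableMethods lies outside this hunk, so whether a malformed array can reach it in practice could not be confirmed from here.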

