Skip to content
This repository was archived by the owner on Sep 21, 2021. It is now read-only.

Commit 1123dc4

Browse files
djschnydjschny
committed
add note about dynamic scripts being disabled by default
Update definitive guide about groovy sandbox vulnerability and ways to handle it.
1 parent 1f062fd commit 1123dc4

File tree

1 file changed

+26
-6
lines changed

1 file changed

+26
-6
lines changed

030_Data/45_Partial_update.asciidoc

+26-6
Original file line numberDiff line numberDiff line change
@@ -91,14 +91,34 @@ POST /website/blog/1/_update
9191
9292
For those ((("documents", "partial updates", "using scripts")))((("updating documents", "partial updates", "using scripts")))moments when the API just isn't enough, Elasticsearch allows you to
9393
write your own custom logic in a script.((("scripts", "using to make partial updates"))) Scripting is supported in many APIs
94-
including search, sorting, aggregations, and document updates. Scripts can be
95-
passed in as part of the request, retrieved from the special `.scripts`
96-
index, or loaded from disk.
94+
including search, sorting, aggregations, and document updates. Scripts can be passed in as part of the request,
95+
retrieved from the special .scripts index, or loaded from disk.
9796
9897
The default scripting language ((("Groovy")))is a http://groovy.codehaus.org/[Groovy], a
99-
fast and expressive scripting language, similar in syntax to JavaScript. It
100-
runs in a _sandbox_ to prevent malicious users from breaking out of
101-
Elasticsearch and attacking the server.
98+
fast and expressive scripting language, similar in syntax to JavaScript. It was first introduced
99+
in Elasticsearch version v1.3.0 and it runs in a _sandbox_, however there is vulnerability
100+
in the Groovy scripting engine that allows an attacker to construct
101+
Groovy scripts that escape the sandbox and execute shell commands as the user
102+
running the Elasticsearch Java VM.
103+
104+
Therefore in versions v1.3.8, v1.4.3, and version v1.5.0 and newer it has been disabled by default.
105+
Alternatively you can disable dynamic Groovy scripts by
106+
adding this setting to the `config/elasticsearch.yml` file in all nodes in the
107+
cluster:
108+
109+
[source,yaml]
110+
-----------------------------------
111+
script.groovy.sandbox.enabled: false
112+
-----------------------------------
113+
114+
This will turn off the Groovy sandbox, thus preventing dynamic Groovy scripts
115+
from being accepted as part of a request or retrieved from the special
116+
`.scripts` index. You will still be able to use Groovy scripts stored in files
117+
in the `config/scripts/` directory on every node.
118+
119+
If your architecture and security is one that does not need worry about the vulnerability,
120+
for example your Elasticsearch endpoints are only exposed and available to trusted applications,
121+
then you can choose to re-enable the dynamic scripting if it is a feature your application needs.
102122
103123
You can read more about scripting in the
104124
http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/modules-scripting.html[scripting reference documentation].

0 commit comments

Comments
 (0)