Disable java security policies in elasticsearch:5.6.9 docker image

Hi, I'm trying to exploit the log4j vulnerability in Elasticsearch 5.6.9 for an academic project.
I was able to get a RCE (a simple print), but when it comes to executing a shell,
I get this error: java.security.AccessControlException: access denied ("java.io.FilePermission" "/bin/bash" "execute")

Now, I'm not an Elasticsearch or docker expert, so I was wondering if I could specify some options to disable java security policies when running the container.


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.