lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Uwe Schindler (JIRA)" <>
Subject [jira] [Commented] (LUCENE-4352) only the test runner should be able to System.exit
Date Tue, 04 Sep 2012 06:52:07 GMT


Uwe Schindler commented on LUCENE-4352:

For the test-framework an example for using AccessControler.doPrivileged() would be:
- Policy denies e.g. file access outside the test runner JAR (which may be a good idea) ->
"untrusted code"
- But Policy allows writing files outside the J0 working directory for the test-framework.jar
file itself -> "trusted code"

The problem here would be: 
- "untrusted" code calls "trusted" code, e.g. the test ("untrusted") calls a method from test-framework
that writes outside base directory. The calling "untrusted" code is not allowed to do this,
but the test-framework itsself ("trusted") is allowed to do this.
- SecurityManager would disallow this, but that may not what we want.

The naming of AccessController.doPrivileged is a little bit misleading. It does not mean something
is "privileged", it just tells that the closure should not be handled by access checks of
the code calling you, but with the context of your own code. This is always needed when untrusted
code calls trusted code which would normally have higher rights.

The above example might be a good solution (limit write access to test-runner's local private
"J0" directory only).
> only the test runner should be able to System.exit
> --------------------------------------------------
>                 Key: LUCENE-4352
>                 URL:
>             Project: Lucene - Core
>          Issue Type: Bug
>          Components: general/test
>    Affects Versions: 4.0-BETA
>            Reporter: Robert Muir
>            Assignee: Uwe Schindler
>             Fix For: 5.0, 4.0
>         Attachments: LUCENE-4352.patch, LUCENE-4352.patch, LUCENE-4352.patch, LUCENE-4352.patch,
> All others should get SecurityException

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message