Date: Tue, 10 Dec 2013 20:14:08 +0000 (UTC)
From: "Uwe Schindler (JIRA)"
To: dev@lucene.apache.org
Subject: [jira] [Updated] (SOLR-4882) Restrict SolrResourceLoader to only classloader accessible files and instance dir

     [ https://issues.apache.org/jira/browse/SOLR-4882?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Uwe Schindler updated SOLR-4882:
--------------------------------
    Attachment:     (was: SOLR-4882-fix.patch)

> Restrict SolrResourceLoader to only classloader accessible files and instance dir
> ---------------------------------------------------------------------------------
>
>                 Key: SOLR-4882
>                 URL: https://issues.apache.org/jira/browse/SOLR-4882
>             Project: Solr
>          Issue Type: Improvement
>    Affects Versions: 4.3
>            Reporter: Uwe Schindler
>            Assignee: Uwe Schindler
>              Labels: security
>             Fix For: 4.6, 5.0
>
>         Attachments: SOLR-4882.patch, SOLR-4882.patch, SOLR-4882.patch
>
>
> SolrResourceLoader currently allows loading files from any absolute/CWD-relative path, which is used as a fallback if the resource cannot be looked up via the class loader.
> We should limit this fallback to sub-dirs below the instanceDir passed into the ctor. The CWD special case should be removed, too (the virtual CWD is instance's config or root dir).
> The reason for this is security related. Some Solr components allow passing in resource paths via REST parameters (e.g. XSL stylesheets, velocity templates,...) and load them via resource loader. By this it is possible to limit the whole thing to not allow loading e.g. /etc/passwd as a stylesheet.
> In 4.4 we should add a solrconfig.xml setting to enable the old behaviour, but disable it by default, if your existing installation requires the files from outside the instance dir which are not available via the URLClassLoader used internally. In Lucene 5.0 we should not support this anymore.
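
The containment check the issue describes, as an added Java example (not the attached patch or Solr's own code): a caller-supplied resource name is resolved against the instance dir instead of the CWD and rejected if it ends up outside it. The class `InstanceDirResolver`, its `resolve` method and the sample file layout are hypothetical, and the symlink comparison is an assumption that goes beyond the issue text.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added illustration: InstanceDirResolver and resolve() are hypothetical names, not Solr's API.
public class InstanceDirResolver {
    private final Path instanceDir;

    public InstanceDirResolver(Path instanceDir) {
        this.instanceDir = instanceDir.toAbsolutePath().normalize();
    }

    /** Resolves a caller-supplied resource name, rejecting anything outside instanceDir. */
    public Path resolve(String resource) throws IOException {
        // Relative names are resolved against instanceDir, not the process CWD.
        // An absolute name replaces the base entirely, so the check below catches it.
        Path candidate = instanceDir.resolve(resource).normalize();
        if (!candidate.startsWith(instanceDir)) {
            throw new IOException("Resource is outside the instance dir: " + resource);
        }
        // Assumption beyond the issue text: also compare real paths, so a symlink
        // inside instanceDir cannot point the loader at a file outside it.
        if (Files.exists(candidate)
                && !candidate.toRealPath().startsWith(instanceDir.toRealPath())) {
            throw new IOException("Resource resolves outside the instance dir: " + resource);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout in a temporary directory.
        Path dir = Files.createTempDirectory("instance");
        Files.createDirectories(dir.resolve("conf/xslt"));
        Files.write(dir.resolve("conf/xslt/example.xsl"), new byte[0]);

        InstanceDirResolver loader = new InstanceDirResolver(dir);
        String[] requested = {
            "conf/xslt/example.xsl",         // relative name below the instance dir
            "conf/../conf/xslt/example.xsl", // relative name containing ".." segments
            "../../../etc/passwd",           // relative name climbing above the base
            "/etc/passwd"                    // absolute path
        };
        for (String name : requested) {
            try {
                System.out.println("allowed:  " + loader.resolve(name));
            } catch (IOException e) {
                System.out.println("rejected: " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The comparison uses `Path.startsWith`, which matches whole path elements, so a sibling directory whose name merely begins with the instance dir's name does not pass the way it would with a string-prefix test.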