lucene-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Muir (Jira)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-13983) remove or replace process execution in SystemInfoHandler
Date Mon, 02 Dec 2019 21:54:00 GMT

    [ https://issues.apache.org/jira/browse/SOLR-13983?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16986407#comment-16986407
] 

Robert Muir commented on SOLR-13983:
------------------------------------

Thanks for looking Andrzej!

> remove or replace process execution in SystemInfoHandler
> --------------------------------------------------------
>
>                 Key: SOLR-13983
>                 URL: https://issues.apache.org/jira/browse/SOLR-13983
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Robert Muir
>            Priority: Major
>         Attachments: SOLR-13983.patch
>
>
> SystemInfoHandler is the only place in solr code executing processes. 
> Since solr is a server/long running process listening to HTTP, ideally process execution
could be disabled (e.g. with security manager). But first this code needs to be removed or
replaced, so that there is no legitimate use of it:
> {noformat}
> try { 
>       if (!Constants.WINDOWS) {
>         info.add( "uname",  execute( "uname -a" ) );
>         info.add( "uptime", execute( "uptime" ) );
>       }
>     } catch( Exception ex ) {
>       log.warn("Unable to execute command line tools to get operating system properties.",
ex);
>     } 
>     return info;
> {noformat}
> It already looks like its getting data from OS MXbean here, so maybe this logic is simply
outdated or not needed. It seems to be "best-effort" anyway. Alternatively similar stuff could
be fetched by reading from e.g. /proc file system location if needed.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org


Mime
View raw message