lucene-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shalin Shekhar Mangar (Jira)" <>
Subject [jira] [Commented] (SOLR-13986) remove "execute" permission from solr-tests.policy
Date Sun, 01 Dec 2019 04:06:00 GMT


Shalin Shekhar Mangar commented on SOLR-13986:

bq. Unrelated to these specific problems, It seems really important to move or remove this
hadoop shit out of the solr core: It is really unreasonable that solr core depends on hadoop.
that's gonna simply block any progress improving its security, because solr code will get
dragged down by hadoop's code.

I agree that hadoop specific code should live in a contrib. I'll open an issue to do that.

> remove "execute" permission from solr-tests.policy
> --------------------------------------------------
>                 Key: SOLR-13986
>                 URL:
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Robert Muir
>            Priority: Major
>         Attachments: SOLR-13986-notyet.patch, SOLR-13986.patch, SOLR-13986.patch
> If we don't really need to execute processes, we can take the permission away. That way
any attempt to execute something results in a SecurityException rather than running a process.
> It is necessary to first fix the tests policy before thinking about supporting securitymanager
in solr. This way we can ensure functionality does not break via our tests.

This message was sent by Atlassian Jira

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message