lucene-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shalin Shekhar Mangar (Jira)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-13986) remove "execute" permission from solr-tests.policy
Date Sun, 01 Dec 2019 04:06:00 GMT

    [ https://issues.apache.org/jira/browse/SOLR-13986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16985477#comment-16985477
] 

Shalin Shekhar Mangar commented on SOLR-13986:
----------------------------------------------

bq. Unrelated to these specific problems, It seems really important to move or remove this
hadoop shit out of the solr core: It is really unreasonable that solr core depends on hadoop.
that's gonna simply block any progress improving its security, because solr code will get
dragged down by hadoop's code.

I agree that hadoop specific code should live in a contrib. I'll open an issue to do that.

> remove "execute" permission from solr-tests.policy
> --------------------------------------------------
>
>                 Key: SOLR-13986
>                 URL: https://issues.apache.org/jira/browse/SOLR-13986
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Robert Muir
>            Priority: Major
>         Attachments: SOLR-13986-notyet.patch, SOLR-13986.patch, SOLR-13986.patch
>
>
> If we don't really need to execute processes, we can take the permission away. That way
any attempt to execute something results in a SecurityException rather than running a process.
> It is necessary to first fix the tests policy before thinking about supporting securitymanager
in solr. This way we can ensure functionality does not break via our tests.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org


Mime
View raw message