lucene-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Muir (Jira)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-13986) remove "execute" permission from solr-tests.policy
Date Mon, 02 Dec 2019 11:46:00 GMT

    [ https://issues.apache.org/jira/browse/SOLR-13986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16985988#comment-16985988
] 

Robert Muir commented on SOLR-13986:
------------------------------------

OK I see the issue, its caused by this line in lucene/replicator/build.xml:

{noformat}
  <!-- TODO: go fix this in jetty, its stupid -->
  <property name="tests.policy" location="../tools/junit4/solr-tests.policy"/>
{noformat}

I'm pretty sure this is laziness that I created years ago: since the replicator is using jetty,
it bogusly uses solr's test policy to keep everything happy. It needs to have its own instead
I think? I'll open a LUCENE issue.

> remove "execute" permission from solr-tests.policy
> --------------------------------------------------
>
>                 Key: SOLR-13986
>                 URL: https://issues.apache.org/jira/browse/SOLR-13986
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Robert Muir
>            Priority: Major
>             Fix For: 8.4
>
>         Attachments: SOLR-13986-notyet.patch, SOLR-13986.patch, SOLR-13986.patch, SOLR-13986.patch,
SOLR-13986.patch
>
>
> If we don't really need to execute processes, we can take the permission away. That way
any attempt to execute something results in a SecurityException rather than running a process.
> It is necessary to first fix the tests policy before thinking about supporting securitymanager
in solr. This way we can ensure functionality does not break via our tests.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org


Mime
View raw message