lucene-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Muir (Jira)" <>
Subject [jira] [Commented] (SOLR-13986) remove "execute" permission from solr-tests.policy
Date Mon, 02 Dec 2019 11:46:00 GMT


Robert Muir commented on SOLR-13986:

OK I see the issue, its caused by this line in lucene/replicator/build.xml:

  <!-- TODO: go fix this in jetty, its stupid -->
  <property name="tests.policy" location="../tools/junit4/solr-tests.policy"/>

I'm pretty sure this is laziness that I created years ago: since the replicator is using jetty,
it bogusly uses solr's test policy to keep everything happy. It needs to have its own instead
I think? I'll open a LUCENE issue.

> remove "execute" permission from solr-tests.policy
> --------------------------------------------------
>                 Key: SOLR-13986
>                 URL:
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Robert Muir
>            Priority: Major
>             Fix For: 8.4
>         Attachments: SOLR-13986-notyet.patch, SOLR-13986.patch, SOLR-13986.patch, SOLR-13986.patch,
> If we don't really need to execute processes, we can take the permission away. That way
any attempt to execute something results in a SecurityException rather than running a process.
> It is necessary to first fix the tests policy before thinking about supporting securitymanager
in solr. This way we can ensure functionality does not break via our tests.

This message was sent by Atlassian Jira

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message