lucene-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ishan Chattopadhyaya (Jira)" <j...@apache.org>
Subject [jira] [Comment Edited] (SOLR-13991) clean up permissions in solr-tests.policy
Date Tue, 03 Dec 2019 01:37:00 GMT

    [ https://issues.apache.org/jira/browse/SOLR-13991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16986496#comment-16986496
] 

Ishan Chattopadhyaya edited comment on SOLR-13991 at 12/3/19 1:36 AM:
----------------------------------------------------------------------

I can run it on my Linux box, if it helps. It has 32 cores (64 threads), overclocked to 4.1GHz
on all cores. This is the Threadripper 3970X, nothing less powerful than this one is suitable
for working on Solr tests, unless one has the patience of a monk ;-)

Edit: I just started a run; will report back on status soon.


was (Author: ichattopadhyaya):
I can run it on my Linux box, if it helps. It has 32 cores (64 threads).
Edit: I just started a run; will report back on status soon.

> clean up permissions in solr-tests.policy
> -----------------------------------------
>
>                 Key: SOLR-13991
>                 URL: https://issues.apache.org/jira/browse/SOLR-13991
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Robert Muir
>            Priority: Major
>         Attachments: SOLR-13991.patch, SOLR-13991.patch, SOLR-13991.patch, SOLR-13991.patch
>
>
> The solr-tests.policy is currently way too lenient. Its useful for tests but pretty worthless
at defending against any attacker "for real"
> For example imagine i can execute arbitrary java-ish code:
> {code}
> Runtime.getRuntime().exec("id");
> {code}
> With a security manager enabled, I'd get an exception like this:
> java.security.AccessControlException: access denied ("java.io.FilePermission" "<<ALL
FILES>>" "execute")
> Because the current policy is so lenient and has wildcard RuntimePermission, the next
thing i'd try (disable security manager, then launch process) would happily execute:
> {code}
> System.setSecurityManager(null);Runtime.getRuntime().exec("id");
> {code}
> That's because the current wildcard permission allows {{RuntimePermission("setSecurityManager")}}.

> There are other variants I could use, some explained by java's docs: https://docs.oracle.com/javase/7/docs/api/java/lang/RuntimePermission.html
> It will take time and pain to clean up this stuff: e.g. fixing code and maybe even third-party
dependencies, but gotta start somewhere. I think splitting up the wildcards is a good first
step :)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org


Mime
View raw message