lucene-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Erik Hatcher (Jira)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-13993) sandbox velocity template render
Date Tue, 03 Dec 2019 18:31:00 GMT

    [ https://issues.apache.org/jira/browse/SOLR-13993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16987155#comment-16987155
] 

Erik Hatcher commented on SOLR-13993:
-------------------------------------

Attached patch exercises the test security manager which does the trick (when run from `ant
test`).  Testing without the security manager (from IntelliJ) fails two of those tests appropriately.

> sandbox velocity template render
> --------------------------------
>
>                 Key: SOLR-13993
>                 URL: https://issues.apache.org/jira/browse/SOLR-13993
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Robert Muir
>            Priority: Major
>         Attachments: SOLR-13993.patch
>
>
> This thing seems dangerous :)
> Making the whole solr secure is a whole nother thing: (see e.g. SOLR-13991 and we haven't
even gotten started). Its pretty difficult to convert whole large app to work securely. It
is going to take time.
> In the meantime, if we have things that might do something dangerous, and security manager
is enabled, we can put them into a special little sandbox and throw away the key: for example
we can intentionally discard permissions we don't need so they can't launch stuff, if we really
don't trust them, we can start filtering what classes classloader will load.
> This isn't that crazy at all to do, e.g. your web browser does similar tricks to try
to sandbox specific parts that might do something unexpected and cause security issue.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org


Mime
View raw message