lucene-issues mailing list archives

From "Robert Muir (Jira)" <>
Subject [jira] [Created] (SOLR-13994) OS-level sandboxing to prevent RCE
Date Mon, 02 Dec 2019 22:44:00 GMT
Robert Muir created SOLR-13994:

             Summary: OS-level sandboxing to prevent RCE
                 Key: SOLR-13994
             Project: Solr
          Issue Type: Improvement
      Security Level: Public (Default Security Level. Issues are Public)
            Reporter: Robert Muir

The "correct" way to secure the solr app is just to follow the guidelines java provides:

But we can cheat if we need to. Every popular OS has a "one-way" function to turn off execution,
so no crazy exploit can work around it (unless they have, e.g., a kernel exploit).

There are serious tradeoffs for solr: e.g. no way to "pass through" stuff like hadoop's crappy
stuff, and stuff like java's {{-XX:OnOutOfMemoryError=}} can't work. But you can be pretty
fucking confident RCE won't happen :)

I have implemented such stuff before, for example:

Personally, I would prefer we not do this stuff. It is better to secure the code "cleanly"
and not resort to such native hacks. And I think it's not a good idea to invite a bunch of
native code and the crazy bugs it can bring; this is a java project!

But if circumstances demand, maybe we need the crutch, even temporarily. So I'm opening the
issue anyway, because it is a nuclear option we can apply. And code I have done before is
under AL2.0.
