lucene-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dror Matalon <>
Subject Re: Objection to using /tmp for lock files.
Date Thu, 13 Nov 2003 18:00:47 GMT

In there a reason why RODirectory shouldn't just be rolled into lucene?

I've been experimenting with it and it seems to work as advertised. It
has the advantage of not requiring *any* write capability in /tmp or
anywhere else.



On Thu, Nov 13, 2003 at 09:36:40AM -0800, Doug Cutting wrote:
> Kevin A. Burton wrote:
> >When I first read this changelog entry:
> >
> > > 2. Changed file locking to place lock files in
> > >    System.getProperty(""), where all users are
> > >    permitted to write files.  This way folks can open and correctly
> > >    lock indexes which are read-only to them.
> >
> >I just assumed that this was an optional feature.
> >
> >I think this is a dangerous change and should be disabled by default (or 
> >only enabled with lock files can't be used due to read only media).
> Why is this dangerous?  Are you concerned about malicious users locking 
> indexes in a denial of service attack?  If so, perhaps we should have an 
> option to change where locks are stored, so that they could be, e.g., 
> moved to /var/lock/lucene or somesuch which could have special protections.
> Before this patch, folks could not open an index in a read-only manner 
> unless they had write access to its directory.  I think that is a larger 
> bug and more dangerous, as it means that anyone who can search an index 
> can destroy it.
> I think it is proper that locks are not stored in the same place as the 
> index, as in many cases this is not writable by the searching 
> application, and the lock directory should be writable by all who can 
> read the index.
> Doug
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

Dror Matalon
Zapatec Inc 
1700 MLK Way
Berkeley, CA 94709

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message