lucene-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Doug Cutting <cutt...@lucene.com>
Subject Re: Objection to using /tmp for lock files.
Date Thu, 13 Nov 2003 17:36:40 GMT
Kevin A. Burton wrote:
> When I first read this changelog entry:
> 
>  > 2. Changed file locking to place lock files in
>  >    System.getProperty("java.io.tmpdir"), where all users are
>  >    permitted to write files.  This way folks can open and correctly
>  >    lock indexes which are read-only to them.
> 
> I just assumed that this was an optional feature.
> 
> I think this is a dangerous change and should be disabled by default (or 
> only enabled with lock files can't be used due to read only media).

Why is this dangerous?  Are you concerned about malicious users locking 
indexes in a denial of service attack?  If so, perhaps we should have an 
option to change where locks are stored, so that they could be, e.g., 
moved to /var/lock/lucene or somesuch which could have special protections.

Before this patch, folks could not open an index in a read-only manner 
unless they had write access to its directory.  I think that is a larger 
bug and more dangerous, as it means that anyone who can search an index 
can destroy it.

I think it is proper that locks are not stored in the same place as the 
index, as in many cases this is not writable by the searching 
application, and the lock directory should be writable by all who can 
read the index.

Doug


---------------------------------------------------------------------
To unsubscribe, e-mail: lucene-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: lucene-user-help@jakarta.apache.org


Mime
View raw message