lucene-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kevin A. Burton" <bur...@newsmonster.org>
Subject Re: Objection to using /tmp for lock files.
Date Mon, 24 Nov 2003 04:05:34 GMT
Doug Cutting wrote:

> Kevin A. Burton wrote:
>
>> When I first read this changelog entry:
>>
>>  > 2. Changed file locking to place lock files in
>>  >    System.getProperty("java.io.tmpdir"), where all users are
>>  >    permitted to write files.  This way folks can open and correctly
>>  >    lock indexes which are read-only to them.
>>
>> I just assumed that this was an optional feature.
>>
>> I think this is a dangerous change and should be disabled by default 
>> (or only enabled with lock files can't be used due to read only media).
>
>
> Why is this dangerous?  Are you concerned about malicious users 
> locking indexes in a denial of service attack?  If so, perhaps we 
> should have an option to change where locks are stored, so that they 
> could be, e.g., moved to /var/lock/lucene or somesuch which could have 
> special protections.
>
> Before this patch, folks could not open an index in a read-only manner 
> unless they had write access to its directory.  I think that is a 
> larger bug and more dangerous, as it means that anyone who can search 
> an index can destroy it.
>
> I think it is proper that locks are not stored in the same place as 
> the index, as in many cases this is not writable by the searching 
> application, and the lock directory should be writable by all who can 
> read the index.

On machines with multiple users /tmp files this could potentially be 
used to DOS a machine.  It isn't a HUGE issue but is one regardless.

My major issue was to change behavior. I'm sure a lot of existing code 
depends on the current locking mechanism.

Since this is only for a RARE occasion (read only indexes) my suggestion 
is to keep the indexes where they were and have people enable this when 
they want readonly indexes.

Kevin

-- 
    NewsMonster - http://www.newsmonster.org/

Kevin A. Burton, Location - San Francisco, CA, Cell - 415.595.9965
       AIM - sfburtonator,  Web - http://www.peerfear.org/
GPG fingerprint: 4D20 40A0 C734 307E C7B4  DCAA 0303 3AC5 BD9D 7C4D
  IRC - freenode.net #infoanarchy | #p2p-hackers | #newsmonster



---------------------------------------------------------------------
To unsubscribe, e-mail: lucene-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: lucene-user-help@jakarta.apache.org


Mime
View raw message