lucene-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kevin A. Burton" <>
Subject Re: Objection to using /tmp for lock files.
Date Mon, 24 Nov 2003 04:05:34 GMT
Doug Cutting wrote:

> Kevin A. Burton wrote:
>> When I first read this changelog entry:
>>  > 2. Changed file locking to place lock files in
>>  >    System.getProperty(""), where all users are
>>  >    permitted to write files.  This way folks can open and correctly
>>  >    lock indexes which are read-only to them.
>> I just assumed that this was an optional feature.
>> I think this is a dangerous change and should be disabled by default 
>> (or only enabled with lock files can't be used due to read only media).
> Why is this dangerous?  Are you concerned about malicious users 
> locking indexes in a denial of service attack?  If so, perhaps we 
> should have an option to change where locks are stored, so that they 
> could be, e.g., moved to /var/lock/lucene or somesuch which could have 
> special protections.
> Before this patch, folks could not open an index in a read-only manner 
> unless they had write access to its directory.  I think that is a 
> larger bug and more dangerous, as it means that anyone who can search 
> an index can destroy it.
> I think it is proper that locks are not stored in the same place as 
> the index, as in many cases this is not writable by the searching 
> application, and the lock directory should be writable by all who can 
> read the index.

On machines with multiple users /tmp files this could potentially be 
used to DOS a machine.  It isn't a HUGE issue but is one regardless.

My major issue was to change behavior. I'm sure a lot of existing code 
depends on the current locking mechanism.

Since this is only for a RARE occasion (read only indexes) my suggestion 
is to keep the indexes where they were and have people enable this when 
they want readonly indexes.


    NewsMonster -

Kevin A. Burton, Location - San Francisco, CA, Cell - 415.595.9965
       AIM - sfburtonator,  Web -
GPG fingerprint: 4D20 40A0 C734 307E C7B4  DCAA 0303 3AC5 BD9D 7C4D
  IRC - #infoanarchy | #p2p-hackers | #newsmonster

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message