Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-14015

remove blanket filesystem read access from solr-tests.policy

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 8.4
    • None
    • None

    Description

      The lucene policy is strict and specifies only specific locations.
      Unfortunately currently the solr policy allows read to ALL FILES

      The tests shouldn't be able to read anywhere, e.g. my .ssh/ directory or whatever.
      It is a necessary painful step to eventually eliminate directory traversal attacks, etc.

      Attachments

        1. SOLR-14015.patch
          7 kB
          Robert Muir

        Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-14020 move hadoop hacks out of lucene TestSecurityManager into a solr one

          • Major - Major loss of function.
          • Closed

          Activity

            People

              rcmuir Robert Muir
              rcmuir Robert Muir
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: