[ https://issues.apache.org/jira/browse/SOLR-13986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16985475#comment-16985475 ]

Robert Muir commented on SOLR-13986:
------------------------------------

I can't hack around all the broken hadoop code here. The last bad guy is "DF" 
class which should not even exist. But it executes and parses output of "df" 
command, instead of using e.g. java's FileStore API. And there is definitely no 
exception I can send to it, to make it go away. The hadoop code is just too 
broken.

We can shove it under the rug, disable 2 or 3 hdfs tests (which from what I can 
tell, weren't working correctly anyway), until hadoop shit can be fixed. 
Personally, I'm not motivated to try to fix hadoop code in order to prevent RCE 
in solr. And this weekend is coming to an end and my time will be up to try to 
get things moving.

Unrelated to these specific problems, it seems really important to move or 
remove this hadoop shit out of the solr core: It is really unreasonable that 
solr core depends on hadoop. That's gonna simply block any progress improving 
its security, because solr code will get dragged down by hadoop's code.


> remove "execute" permission from solr-tests.policy
> --------------------------------------------------
>
>                 Key: SOLR-13986
>                 URL: https://issues.apache.org/jira/browse/SOLR-13986
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Robert Muir
>            Priority: Major
>         Attachments: SOLR-13986-notyet.patch, SOLR-13986.patch, 
> SOLR-13986.patch
>
>
> If we don't really need to execute processes, we can take the permission 
> away. That way any attempt to execute something results in a 
> SecurityException rather than running a process.
> It is necessary to first fix the tests policy before thinking about 
> supporting securitymanager in solr. This way we can ensure functionality does 
> not break via our tests.
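Added example, not code from this issue, from Solr or from Hadoop: it puts the API route the comment points at (java.nio.file.FileStore) beside the exec-and-parse route, then installs an in-code policy that grants everything except the "execute" action of java.io.FilePermission, which is the effect of dropping that grant from a tests policy. Under that policy ProcessBuilder.start() is refused by SecurityManager.checkExec before any process exists, while the FileStore query still answers. The class name DiskSpaceExample, the nested NoExecPolicy and the helpers usableBytes, totalBytes and dfOutput are hypothetical names chosen here; the code assumes JDK 11 to 17 (on JDK 18 to 23 the JVM must be started with -Djava.security.manager=allow, and later JDKs have removed the Security Manager).

```java
import java.io.FilePermission;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileStore;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;

/**
 * Added example (not Solr or Hadoop code): disk space via FileStore versus
 * via a spawned "df", under a policy that grants no "execute" permission.
 */
public final class DiskSpaceExample {

    /** Usable bytes on the file store holding 'path'; no child process involved. */
    static long usableBytes(Path path) throws IOException {
        FileStore store = Files.getFileStore(path);
        return store.getUsableSpace();
    }

    /** Total bytes on the same file store. */
    static long totalBytes(Path path) throws IOException {
        return Files.getFileStore(path).getTotalSpace();
    }

    /**
     * The pattern the comment objects to: spawn "df" and read its text output.
     * With a SecurityManager installed, ProcessBuilder.start() calls checkExec,
     * which demands a FilePermission carrying the "execute" action.
     */
    static String dfOutput(Path path) throws IOException, InterruptedException {
        Process p = new ProcessBuilder("df", "-k", path.toString())
                .redirectErrorStream(true)
                .start();
        String out = new String(p.getInputStream().readAllBytes(), StandardCharsets.UTF_8);
        p.waitFor();
        return out;
    }

    /**
     * In-code stand-in (hypothetical) for a policy file whose execute grant was
     * removed: every permission is granted except a FilePermission whose actions
     * include "execute". A deployment would express this in a .policy file.
     */
    static final class NoExecPolicy extends Policy {
        @Override
        public boolean implies(ProtectionDomain domain, Permission permission) {
            if (permission instanceof FilePermission
                    && permission.getActions().contains("execute")) {
                return false;
            }
            return true;
        }
    }

    @SuppressWarnings({"deprecation", "removal"})
    public static void main(String[] args) throws Exception {
        Path dir = Paths.get(args.length > 0 ? args[0] : ".").toAbsolutePath();

        // 1. The API route works with or without a SecurityManager.
        System.out.printf("%s: %,d of %,d bytes usable (FileStore)%n",
                dir, usableBytes(dir), totalBytes(dir));

        // 2. Install the policy first, then the manager that enforces it.
        Policy.setPolicy(new NoExecPolicy());
        System.setSecurityManager(new SecurityManager());

        // 3. The exec route is now rejected before any process is created.
        try {
            dfOutput(dir);
            System.out.println("df ran: the policy still grants execute");
        } catch (SecurityException e) {
            System.out.println("df blocked by policy: " + e.getMessage());
        }

        // 4. FileStore still answers under the same policy.
        System.out.printf("FileStore under SecurityManager: %,d bytes usable%n",
                usableBytes(dir));
    }
}
```

Run it with `javac DiskSpaceExample.java && java DiskSpaceExample /tmp`; the third step prints the "blocked by policy" line and the fourth still reports a byte count. In a policy file the equivalent of NoExecPolicy is simply leaving out any line of the form `permission java.io.FilePermission "<<ALL FILES>>", "execute";`, which is what the issue title describes for solr-tests.policy.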



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
