[
https://issues.apache.org/jira/browse/SOLR-13986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16985477#comment-16985477
]
Shalin Shekhar Mangar commented on SOLR-13986:
----------------------------------------------
bq. Unrelated to these specific problems, It seems really important to move or
remove this hadoop shit out of the solr core: It is really unreasonable that
solr core depends on hadoop. that's gonna simply block any progress improving
its security, because solr code will get dragged down by hadoop's code.
I agree that hadoop specific code should live in a contrib. I'll open an issue
to do that.
> remove "execute" permission from solr-tests.policy
> --------------------------------------------------
>
> Key: SOLR-13986
> URL: https://issues.apache.org/jira/browse/SOLR-13986
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Robert Muir
> Priority: Major
> Attachments: SOLR-13986-notyet.patch, SOLR-13986.patch,
> SOLR-13986.patch
>
>
> If we don't really need to execute processes, we can take the permission
> away. That way any attempt to execute something results in a
> SecurityException rather than running a process.
> It is necessary to first fix the tests policy before thinking about
> supporting securitymanager in solr. This way we can ensure functionality does
> not break via our tests.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
