Robert Muir created SOLR-14015:
----------------------------------

             Summary: remove blanket filesystem read access from solr-tests.policy
                 Key: SOLR-14015
                 URL: https://issues.apache.org/jira/browse/SOLR-14015
             Project: Solr
          Issue Type: Improvement
      Security Level: Public (Default Security Level. Issues are Public)
            Reporter: Robert Muir


The Lucene policy is strict and specifies only specific locations.
Unfortunately, currently the Solr policy allows read to ALL FILES.

The tests shouldn't be able to read anywhere, e.g. my .ssh/ directory or whatever.
It is a necessary, painful step to eventually eliminate directory traversal attacks, etc.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
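
An added example, not part of the original issue or the Solr code base: a small Python check that flags `java.io.FilePermission` grants giving read access to every file in a Java policy file. The sample policy text is constructed, and treating `/-` and `${/}-` as blanket targets alongside `<<ALL FILES>>` is an assumption of this example.

```python
import re

# Constructed sample policy; NOT the real contents of solr-tests.policy.
SAMPLE_POLICY = r'''
// test policy
grant {
  permission java.io.FilePermission "<<ALL FILES>>", "read,execute";
  permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete";
  /* permission java.io.FilePermission "<<ALL FILES>>", "write"; */
  permission java.util.PropertyPermission "*", "read,write";
};
grant codeBase "file:${common.dir}/build/-" {
  permission java.io.FilePermission "${/}-", "read";
  permission java.io.FilePermission "${common.dir}${/}-", "read";
};
'''

# Quoted strings are matched first so "//" inside a codeBase URL is not
# mistaken for a comment; only the comment alternatives get blanked out.
TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|/\*.*?\*/|//[^\n]*', re.S)
PERM = re.compile(
    r'permission\s+java\.io\.FilePermission\s+"([^"]*)"\s*,\s*"([^"]*)"')

# Targets treated as "whole filesystem" (assumption of this example).
BLANKET = {"<<ALL FILES>>", "/-", "${/}-"}


def strip_comments(text):
    """Blank out comments while keeping newlines so line numbers stay valid."""
    def repl(m):
        tok = m.group(0)
        return tok if tok.startswith('"') else re.sub(r'[^\n]', ' ', tok)
    return TOKEN.sub(repl, text)


def blanket_read_grants(policy_text):
    """Return (line, target, actions) for each filesystem-wide read grant."""
    text = strip_comments(policy_text)
    findings = []
    for m in PERM.finditer(text):
        target = m.group(1)
        actions = sorted(a.strip().lower() for a in m.group(2).split(","))
        if target in BLANKET and "read" in actions:
            line = text.count("\n", 0, m.start()) + 1
            findings.append((line, target, actions))
    return findings


if __name__ == "__main__":
    for line, target, actions in blanket_read_grants(SAMPLE_POLICY):
        print(f"line {line}: FilePermission {target!r} grants {','.join(actions)}")
```

Grants scoped to a specific directory, such as the temp-dir entry in the sample, are not reported; only filesystem-wide read targets are.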
