[ https://issues.apache.org/jira/browse/SOLR-14015?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16989107#comment-16989107 ]

Chris M. Hostetter commented on SOLR-14015:
-------------------------------------------

We're seeing a lot of Jenkins failures, from multiple hosts/OS/JVMs, related to 
a failure of the JVM (when trying to do low level stuff like create temp files) 
to read "/dev/./urandom"...
{noformat}
   [junit4]    > Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/dev/./urandom" "read")
{noformat}

These failures reproduce for me locally on master (as of 
"d2b01ef28f918e2f3575081c206203be49889501") and git bisect identifies 
"c4126ef858b9bac167f51b3c08d51dc28404ced9" as the commit that caused the 
failures.

What's most alarming to me is that although this issue is specific to 
{{solr-tests.policy}} we're seeing these failures across lucene/core tests as 
well – this is the script I was bisecting...
{noformat}
ant clean clean-jars && cd lucene/core && ant test  -Dtestcase=TestDemo -Dtests.method=testDemo -Dtests.seed=CE1D4145F9226A8F -Dtests.multiplier=3 -Dtests.slow=true -Dtests.locale=ln-CG -Dtests.timezone=Asia/Yangon -Dtests.asserts=true -Dtests.file.encoding=ISO-8859-1
{noformat}

...based on this failure from 
[https://jenkins.thetaphi.de/view/Lucene-Solr/job/Lucene-Solr-master-Linux/25113/]
 ...

{noformat}
   [junit4]   2> NOTE: reproduce with: ant test  -Dtestcase=TestDemo -Dtests.method=testDemo -Dtests.seed=CE1D4145F9226A8F -Dtests.multiplier=3 -Dtests.slow=true -Dtests.locale=ln-CG -Dtests.timezone=Asia/Yangon -Dtests.asserts=true -Dtests.file.encoding=ISO-8859-1
   [junit4] ERROR   0.01s J1 | TestDemo.testDemo <<<
   [junit4]    > Throwable #1: java.lang.ExceptionInInitializerError
   [junit4]    >        at __randomizedtesting.SeedInfo.seed([CE1D4145F9226A8F:B1B1FDF0C8FF409F]:0)
   [junit4]    >        at java.base/sun.security.provider.SunEntries.<init>(SunEntries.java:110)
   [junit4]    >        at java.base/sun.security.provider.Sun.<init>(Sun.java:54)
   [junit4]    >        at java.base/sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:176)
   [junit4]    >        at java.base/sun.security.jca.ProviderList.getProvider(ProviderList.java:266)
   [junit4]    >        at java.base/sun.security.jca.ProviderList$3.get(ProviderList.java:156)
   [junit4]    >        at java.base/sun.security.jca.ProviderList$3.get(ProviderList.java:151)
   [junit4]    >        at java.base/java.util.AbstractList$Itr.next(AbstractList.java:371)
   [junit4]    >        at java.base/java.security.SecureRandom.getPrngAlgorithm(SecureRandom.java:877)
   [junit4]    >        at java.base/java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:261)
   [junit4]    >        at java.base/java.security.SecureRandom.<init>(SecureRandom.java:218)
   [junit4]    >        at java.base/java.nio.file.TempFileHelper.<clinit>(TempFileHelper.java:55)
   [junit4]    >        at java.base/java.nio.file.Files.createTempDirectory(Files.java:1010)
   [junit4]    >        at org.apache.lucene.TestDemo.testDemo(TestDemo.java:51)
   [junit4]    >        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   [junit4]    >        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
   [junit4]    >        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   [junit4]    >        at java.base/java.lang.reflect.Method.invoke(Method.java:567)
   [junit4]    >        at java.base/java.lang.Thread.run(Thread.java:830)
   [junit4]    > Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/dev/./urandom" "read")
   [junit4]    >        at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
   [junit4]    >        at java.base/java.security.AccessController.checkPermission(AccessController.java:1036)
   [junit4]    >        at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:408)
   [junit4]    >        at java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:747)
   [junit4]    >        at org.apache.lucene.util.TestSecurityManager.checkRead(TestSecurityManager.java:128)
   [junit4]    >        at java.base/java.io.File.canRead(File.java:764)
   [junit4]    >        at java.base/sun.security.provider.NativePRNG$1.run(NativePRNG.java:151)
   [junit4]    >        at java.base/sun.security.provider.NativePRNG$1.run(NativePRNG.java:130)
   [junit4]    >        at java.base/java.security.AccessController.doPrivileged(AccessController.java:312)
   [junit4]    >        at java.base/sun.security.provider.NativePRNG.initIO(NativePRNG.java:129)
   [junit4]    >        at java.base/sun.security.provider.NativePRNG.<clinit>(NativePRNG.java:93)
   [junit4]    >        ... 48 more
{noformat}

So how did modifying {{solr-tests.policy}} affect lucene/core????

> remove blanket filesystem read access from solr-tests.policy
> ------------------------------------------------------------
>
>                 Key: SOLR-14015
>                 URL: https://issues.apache.org/jira/browse/SOLR-14015
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Robert Muir
>            Priority: Major
>             Fix For: 8.4
>
>         Attachments: SOLR-14015.patch
>
>
> The lucene policy is strict and specifies only specific locations.
> Unfortunately currently the solr policy allows read to ALL FILES
> The tests shouldn't be able to read anywhere, e.g. my .ssh/ directory or 
> whatever.
> It is a necessary painful step to eventually eliminate directory traversal 
> attacks, etc.


