[ 
https://issues.apache.org/jira/browse/SOLR-14064?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16994227#comment-16994227
 ] 

Robert Muir commented on SOLR-14064:
------------------------------------

There were two major problems causing these hacks-on-top-of-hacks:
* stacktrace inspection of Hadoop "required" process executions: they use $PATH, 
hence require <<ALL FILES>> EXECUTE. Also means overriding SecurityManager 
methods without other setup. This breaks the Java security model; it falls apart 
unless SecurityManager has AllPermission. But, <<ALL FILES>> EXECUTE. Gotta do 
what you gotta do.
* classpath pollution of the ant build runtime into the tests classpath 
(LUCENE-9090). This caused me to add initial permissions to allow crazy shit 
that was happening from Solr tests -> Hadoop -> Jetty -> (scan of total 
classpath loading classes, maybe running some clinit, how fun could this get, 
etc.)

> remove some hadoop brain-damage from build environment
> ------------------------------------------------------
>
>                 Key: SOLR-14064
>                 URL: https://issues.apache.org/jira/browse/SOLR-14064
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Robert Muir
>            Priority: Major
>         Attachments: SOLR-14064.patch
>
>
> Some permissions and build hacks were made on behalf of hadoop. These were 
> most definitely hacks on top of hacks.
> The background is that the hadoop code is a true nightmare to deal with, if 
> you want to sandbox code with SecurityManager.
> Now that [~krisden] has wrestled it (at least mostly?) to the ground, let's 
> remove the hacks from solr security policy and lucene build that I added. We 
> need to be strict: ensure things are really working (otherwise we get 
> SecurityException). This also makes the configuration simpler.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
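
The `$PATH` point in the comment's first bullet, as an added example (not code from Solr, Lucene or Hadoop): the `SecurityManager.checkExec` javadoc says an absolute command path is checked as `FilePermission(cmd, "execute")` and anything else as `<<ALL FILES>>` execute, so a narrow grant can never cover a bare command name. The class name, command names and paths are constructed samples, and Unix-style paths are assumed.

```java
import java.io.File;
import java.io.FilePermission;
import java.security.Permission;
import java.security.Permissions;

public class ExecPermissionDemo {

    // Same rule the SecurityManager.checkExec(String) javadoc describes:
    // an absolute command path is checked by name, anything else (a bare
    // name that the OS resolves through $PATH) is checked as <<ALL FILES>>.
    static Permission requiredForExec(String cmd) {
        String target = new File(cmd).isAbsolute() ? cmd : "<<ALL FILES>>";
        return new FilePermission(target, "execute");
    }

    static boolean allowed(Permissions granted, String cmd) {
        return granted.implies(requiredForExec(cmd));
    }

    public static void main(String[] args) {
        // Narrow grant: one named binary (constructed sample path).
        Permissions narrow = new Permissions();
        narrow.add(new FilePermission("/usr/bin/id", "execute"));

        // Broad grant: what a $PATH-based exec forces the policy to contain.
        Permissions broad = new Permissions();
        broad.add(new FilePermission("<<ALL FILES>>", "execute"));

        // Constructed sample commands: bare name, granted path, other path.
        String[] commands = {"id", "/usr/bin/id", "/bin/sh"};
        System.out.printf("%-14s %-8s %-8s%n", "command", "narrow", "broad");
        for (String cmd : commands) {
            System.out.printf("%-14s %-8b %-8b%n",
                    cmd, allowed(narrow, cmd), allowed(broad, cmd));
        }
    }
}
```

Only the broad grant admits the bare `id`, and the same grant also admits `/bin/sh` and every other path.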
