[ https://issues.apache.org/jira/browse/SOLR-14158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17008760#comment-17008760 ]
Noble Paul commented on SOLR-14158:
-----------------------------------

The problem is anyone who uses this new feature will have a backward incompatible system that's insecure by nature. The threat levels are much higher in this case. An attacker can run malicious code if ZK is compromised. We should not leave this hole open.

> package manager to read keys from packagestore and not ZK
> ----------------------------------------------------------
>
> Key: SOLR-14158
> URL: https://issues.apache.org/jira/browse/SOLR-14158
> Project: Solr
> Issue Type: Bug
> Security Level: Public (Default Security Level. Issues are Public)
> Components: packages
> Affects Versions: 8.4
> Reporter: Noble Paul
> Assignee: Noble Paul
> Priority: Blocker
> Labels: packagemanager
> Fix For: 8.4.1
>
>
> The security of the package system relies on securing ZK. It's much easier
> for users to secure the file system than securing ZK.
> We provide an option to read public keys from file store.
> This will
> * Have a special directory called {{_trusted_}}. Direct writes are forbidden
> to that directory over http
> * The CLI directly writes the keys to the
> {{<SOLR_HOME>/filestore/_trusted_/keys/}} directory. Other nodes are asked to
> fetch the public key files from that node
> * Package artifacts will continue to be uploaded over http
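The write restriction on `_trusted_` described in the issue, sketched as an added example (not Solr's code and not part of the original message): a guard that canonicalizes an HTTP upload path before checking for the `_trusted_` segment. The function names, the sample paths, and the choice to reject the segment at any depth and in any letter case are assumptions.

```python
import posixpath
from urllib.parse import unquote

TRUSTED_DIR = "_trusted_"  # directory name from the issue description

class ForbiddenPath(Exception):
    """Raised when an HTTP write must be refused."""

def normalize_store_path(raw_path):
    """Canonical filestore-relative path for a raw HTTP request path."""
    decoded = raw_path
    for _ in range(5):  # decode until stable so double-encoding hides nothing
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    else:
        raise ForbiddenPath("excessive percent-encoding")
    if "\x00" in decoded:
        raise ForbiddenPath("NUL byte in path")
    decoded = decoded.replace("\\", "/")  # treat backslash as a separator
    # Anchoring at "/" means ".." can never climb above the store root.
    return posixpath.normpath("/" + decoded).lstrip("/")

def check_http_write(raw_path):
    """Return the canonical path, or raise if any segment is _trusted_."""
    path = normalize_store_path(raw_path)
    # casefold: assumes the filesystem may be case-insensitive
    if any(seg.casefold() == TRUSTED_DIR for seg in path.split("/")):
        raise ForbiddenPath("direct writes to _trusted_ are forbidden over HTTP")
    return path

def decide(raw_path):
    """Map a request path to ("allow", canonical_path) or ("deny", reason)."""
    try:
        return "allow", check_http_write(raw_path)
    except ForbiddenPath as exc:
        return "deny", str(exc)

# Constructed request paths, not taken from Solr.
SAMPLES = ["/mypkg/1.0/plugin.jar", "/_trusted_/keys/extra.der",
           "/mypkg/../_trusted_/keys/extra.der", "/%255Ftrusted%255F/keys/extra.der",
           "/mypkg\\..\\_trusted_\\keys\\extra.der"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", decide(sample)[0])
```

The check runs on the canonical path, so it has to be the same path the server later uses to open the file; checking one form and writing another reopens the gap.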