[
https://issues.apache.org/jira/browse/SOLR-13983?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Muir resolved SOLR-13983.
--------------------------------
Fix Version/s: 8.5
Resolution: Fixed
> remove or replace process execution in SystemInfoHandler
> --------------------------------------------------------
>
> Key: SOLR-13983
> URL: https://issues.apache.org/jira/browse/SOLR-13983
> Project: Solr
> Issue Type: Improvement
> Reporter: Robert Muir
> Priority: Major
> Fix For: 8.5
>
> Attachments: SOLR-13983.patch
>
>
> SystemInfoHandler is the only place in solr code executing processes.
> Since solr is a server/long running process listening to HTTP, ideally
> process execution could be disabled (e.g. with security manager). But first
> this code needs to be removed or replaced, so that there is no legitimate use
> of it:
> {noformat}
> try {
> if (!Constants.WINDOWS) {
> info.add( "uname", execute( "uname -a" ) );
> info.add( "uptime", execute( "uptime" ) );
> }
> } catch( Exception ex ) {
> log.warn("Unable to execute command line tools to get operating system
> properties.", ex);
> }
> return info;
> {noformat}
> It already looks like its getting data from OS MXbean here, so maybe this
> logic is simply outdated or not needed. It seems to be "best-effort" anyway.
> Alternatively similar stuff could be fetched by reading from e.g. /proc file
> system location if needed.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
