[
https://issues.apache.org/jira/browse/LUCENE-5650?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14016976#comment-14016976
]
Steve Rowe edited comment on LUCENE-5650 at 6/3/14 6:47 PM:
------------------------------------------------------------
I'm seeing what look like security manager-related exceptions on trunk with
{{o.a.s.search.TestRecoveryHdfs}} on OS X 10.9.3 w/Oracle Java 1.7.0_55 -
here's the first exception (9 out of 9 non-ignored tests fail):
{noformat}
[junit4] <JUnit4> says 你好! Master seed: 37AA21AA8F6886DF
[junit4] Executing 1 suite with 1 JVM.
[junit4]
[junit4] Started J0 PID([email protected]).
[junit4] Suite: org.apache.solr.search.TestRecoveryHdfs
[...]
[junit4] 2> 7871 T118 oasc.CoreContainer.recordAndThrow ERROR Unable to
create core: collection1 org.apache.solr.common.SolrException: Problem creating
directory:
solr_hdfs_home/collection1/Users/sarowe/svn/lucene/dev/trunk4/solr/build/solr-core/test/J0/temp/solr.search.TestRecoveryHdfs-37AA21AA8F6886DF-001/init-core-data-001
[junit4] 2> at
org.apache.solr.core.SolrCore.<init>(SolrCore.java:885)
[junit4] 2> at
org.apache.solr.core.SolrCore.<init>(SolrCore.java:649)
[junit4] 2> at
org.apache.solr.core.CoreContainer.create(CoreContainer.java:556)
[junit4] 2> at
org.apache.solr.core.CoreContainer$1.call(CoreContainer.java:261)
[junit4] 2> at
org.apache.solr.core.CoreContainer$1.call(CoreContainer.java:253)
[junit4] 2> at
java.util.concurrent.FutureTask.run(FutureTask.java:262)
[junit4] 2> at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
[junit4] 2> at
java.util.concurrent.FutureTask.run(FutureTask.java:262)
[junit4] 2> at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[junit4] 2> at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[junit4] 2> at java.lang.Thread.run(Thread.java:745)
[junit4] 2> Caused by: java.lang.RuntimeException: Problem creating
directory:
solr_hdfs_home/collection1/Users/sarowe/svn/lucene/dev/trunk4/solr/build/solr-core/test/J0/temp/solr.search.TestRecoveryHdfs-37AA21AA8F6886DF-001/init-core-data-001
[junit4] 2> at
org.apache.solr.store.hdfs.HdfsDirectory.<init>(HdfsDirectory.java:87)
[junit4] 2> at
org.apache.solr.core.HdfsDirectoryFactory.create(HdfsDirectoryFactory.java:148)
[junit4] 2> at
org.apache.solr.core.CachingDirectoryFactory.get(CachingDirectoryFactory.java:351)
[junit4] 2> at
org.apache.solr.core.SolrCore.getNewIndexDir(SolrCore.java:273)
[junit4] 2> at
org.apache.solr.core.SolrCore.initIndex(SolrCore.java:485)
[junit4] 2> at
org.apache.solr.core.SolrCore.<init>(SolrCore.java:791)
[junit4] 2> ... 10 more
[junit4] 2> Caused by: java.security.AccessControlException: access denied
("java.io.FilePermission"
"/Users/sarowe/svn/lucene/dev/trunk4/solr/build/solr-core/test/J0" "write")
[junit4] 2> at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
[junit4] 2> at
java.security.AccessController.checkPermission(AccessController.java:559)
[junit4] 2> at
java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
[junit4] 2> at
java.lang.SecurityManager.checkWrite(SecurityManager.java:979)
[junit4] 2> at java.io.File.mkdir(File.java:1305)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.ChecksumFileSystem.mkdirs(ChecksumFileSystem.java:584)
[junit4] 2> at
org.apache.solr.store.hdfs.HdfsDirectory.<init>(HdfsDirectory.java:63)
[junit4] 2> ... 15 more
[junit4]
[...]
[junit4] Tests with failures:
[junit4] - org.apache.solr.search.TestRecoveryHdfs.testLogReplay
[junit4] - org.apache.solr.search.TestRecoveryHdfs.testRemoveOldLogs
[junit4] - org.apache.solr.search.TestRecoveryHdfs.testBufferingFlags
[junit4] - org.apache.solr.search.TestRecoveryHdfs.testCleanShutdown
[junit4] - org.apache.solr.search.TestRecoveryHdfs.testCorruptLog
[junit4] - org.apache.solr.search.TestRecoveryHdfs.testVersionsOnRestart
[junit4] - org.apache.solr.search.TestRecoveryHdfs.testRecoveryMultipleLogs
[junit4] - org.apache.solr.search.TestRecoveryHdfs.testTruncatedLog
[junit4] - org.apache.solr.search.TestRecoveryHdfs.testBuffering
{noformat}
was (Author: steve_rowe):
I'm seeing what look like security manager-related exceptions on trunk with
{{o.a.s.search.TestRecoveryHdfs}} on OS X 10.9.3 w/Oracle Java 1.7.0_55 -
here's the first exception (9 out of 9 non-ignored tests fail):
{quote}
[junit4] <JUnit4> says 你好! Master seed: 37AA21AA8F6886DF
[junit4] Executing 1 suite with 1 JVM.
[junit4]
[junit4] Started J0 PID([email protected]).
[junit4] Suite: org.apache.solr.search.TestRecoveryHdfs
[...]
[junit4] 2> 7871 T118 oasc.CoreContainer.recordAndThrow ERROR Unable to
create core: collection1 org.apache.solr.common.SolrException: Problem creating
directory:
solr_hdfs_home/collection1/Users/sarowe/svn/lucene/dev/trunk4/solr/build/solr-core/test/J0/temp/solr.search.TestRecoveryHdfs-37AA21AA8F6886DF-001/init-core-data-001
[junit4] 2> at
org.apache.solr.core.SolrCore.<init>(SolrCore.java:885)
[junit4] 2> at
org.apache.solr.core.SolrCore.<init>(SolrCore.java:649)
[junit4] 2> at
org.apache.solr.core.CoreContainer.create(CoreContainer.java:556)
[junit4] 2> at
org.apache.solr.core.CoreContainer$1.call(CoreContainer.java:261)
[junit4] 2> at
org.apache.solr.core.CoreContainer$1.call(CoreContainer.java:253)
[junit4] 2> at
java.util.concurrent.FutureTask.run(FutureTask.java:262)
[junit4] 2> at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
[junit4] 2> at
java.util.concurrent.FutureTask.run(FutureTask.java:262)
[junit4] 2> at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[junit4] 2> at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[junit4] 2> at java.lang.Thread.run(Thread.java:745)
[junit4] 2> Caused by: java.lang.RuntimeException: Problem creating
directory:
solr_hdfs_home/collection1/Users/sarowe/svn/lucene/dev/trunk4/solr/build/solr-core/test/J0/temp/solr.search.TestRecoveryHdfs-37AA21AA8F6886DF-001/init-core-data-001
[junit4] 2> at
org.apache.solr.store.hdfs.HdfsDirectory.<init>(HdfsDirectory.java:87)
[junit4] 2> at
org.apache.solr.core.HdfsDirectoryFactory.create(HdfsDirectoryFactory.java:148)
[junit4] 2> at
org.apache.solr.core.CachingDirectoryFactory.get(CachingDirectoryFactory.java:351)
[junit4] 2> at
org.apache.solr.core.SolrCore.getNewIndexDir(SolrCore.java:273)
[junit4] 2> at
org.apache.solr.core.SolrCore.initIndex(SolrCore.java:485)
[junit4] 2> at
org.apache.solr.core.SolrCore.<init>(SolrCore.java:791)
[junit4] 2> ... 10 more
[junit4] 2> Caused by: java.security.AccessControlException: access denied
("java.io.FilePermission"
"/Users/sarowe/svn/lucene/dev/trunk4/solr/build/solr-core/test/J0" "write")
[junit4] 2> at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
[junit4] 2> at
java.security.AccessController.checkPermission(AccessController.java:559)
[junit4] 2> at
java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
[junit4] 2> at
java.lang.SecurityManager.checkWrite(SecurityManager.java:979)
[junit4] 2> at java.io.File.mkdir(File.java:1305)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.RawLocalFileSystem.mkdirs(RawLocalFileSystem.java:427)
[junit4] 2> at
org.apache.hadoop.fs.ChecksumFileSystem.mkdirs(ChecksumFileSystem.java:584)
[junit4] 2> at
org.apache.solr.store.hdfs.HdfsDirectory.<init>(HdfsDirectory.java:63)
[junit4] 2> ... 15 more
[junit4]
[...]
[junit4] Tests with failures:
[junit4] - org.apache.solr.search.TestRecoveryHdfs.testLogReplay
[junit4] - org.apache.solr.search.TestRecoveryHdfs.testRemoveOldLogs
[junit4] - org.apache.solr.search.TestRecoveryHdfs.testBufferingFlags
[junit4] - org.apache.solr.search.TestRecoveryHdfs.testCleanShutdown
[junit4] - org.apache.solr.search.TestRecoveryHdfs.testCorruptLog
[junit4] - org.apache.solr.search.TestRecoveryHdfs.testVersionsOnRestart
[junit4] - org.apache.solr.search.TestRecoveryHdfs.testRecoveryMultipleLogs
[junit4] - org.apache.solr.search.TestRecoveryHdfs.testTruncatedLog
[junit4] - org.apache.solr.search.TestRecoveryHdfs.testBuffering
{noformat}
> Enforce read-only access to any path outside the temporary folder via
> security manager
> --------------------------------------------------------------------------------------
>
> Key: LUCENE-5650
> URL: https://issues.apache.org/jira/browse/LUCENE-5650
> Project: Lucene - Core
> Issue Type: Improvement
> Components: general/test
> Reporter: Ryan Ernst
> Assignee: Dawid Weiss
> Priority: Minor
> Fix For: 4.9, 5.0
>
> Attachments: LUCENE-5650.patch, LUCENE-5650.patch, LUCENE-5650.patch,
> LUCENE-5650.patch, dih.patch
>
>
> The recent refactoring to all the create temp file/dir functions (which is
> great!) has a minor regression from what existed before. With the old
> {{LuceneTestCase.TEMP_DIR}}, the directory was created if it did not exist.
> So, if you set {{java.io.tmpdir}} to {{"./temp"}}, then it would create that
> dir within the per jvm working dir. However, {{getBaseTempDirForClass()}}
> now does asserts that check the dir exists, is a dir, and is writeable.
> Lucene uses {{"."}} as {{java.io.tmpdir}}. Then in the test security
> manager, the per jvm cwd has read/write/execute permissions. However, this
> allows tests to write to their cwd, which I'm trying to protect against (by
> setting cwd to read/execute in my test security manager).
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
