[ https://issues.apache.org/jira/browse/LUCENE-5650?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14107604#comment-14107604 ]
Hoss Man commented on LUCENE-5650:
----------------------------------
Back in May [~dweiss] mentioned letting this soak on trunk a bit before
backporting ... did it slip through the cracks?

FWIW: SOLR-6410 popped up on 4x but was already fixed on trunk as part of this
issue; I'm going to backport just the key elements of this issue that related
to that bug to 4x under the banner of SOLR-6410 in order to backport to
branch_4_10 as well.
> Enforce read-only access to any path outside the temporary folder via
> security manager
> --------------------------------------------------------------------------------------
>
> Key: LUCENE-5650
> URL: https://issues.apache.org/jira/browse/LUCENE-5650
> Project: Lucene - Core
> Issue Type: Improvement
> Components: general/test
> Reporter: Ryan Ernst
> Assignee: Dawid Weiss
> Priority: Minor
> Fix For: 4.9, 5.0
>
> Attachments: LUCENE-5650.patch, LUCENE-5650.patch, LUCENE-5650.patch,
> LUCENE-5650.patch, dih.patch
>
>
> The recent refactoring to all the create temp file/dir functions (which is
> great!) has a minor regression from what existed before. With the old
> {{LuceneTestCase.TEMP_DIR}}, the directory was created if it did not exist.
> So, if you set {{java.io.tmpdir}} to {{"./temp"}}, then it would create that
> dir within the per jvm working dir. However, {{getBaseTempDirForClass()}}
> now does asserts that check the dir exists, is a dir, and is writeable.
> Lucene uses {{"."}} as {{java.io.tmpdir}}. Then in the test security
> manager, the per jvm cwd has read/write/execute permissions. However, this
> allows tests to write to their cwd, which I'm trying to protect against (by
> setting cwd to read/execute in my test security manager).