[
https://issues.apache.org/jira/browse/SOLR-10644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16006777#comment-16006777
]
Hoss Man commented on SOLR-10644:
---------------------------------
wait ... what?

FWIW: I'm -0 on the installer making {{solr.in.sh}} writable by any user other
than the user running the installer (ie: "root").

In general this seems like a really risky step that could make potential
security holes in the future 10x worse than they would be otherwise. Example:
imagine a hypothetical future security hole where a solr request handler allows
writing to files on disk. if the filesystem permissions of {{solr.in.sh}}
mean it's writable by the {{solr}} user running the webapp, now an attacker can
influence the way the solr webapp is run on restart, opening up more holes.

if the motivation here is to allow {{bin/solr ...}} subcommands to easily muck
with {{solr.in.sh}} then the solution to that objective should be error
checking and help messages instructing the user that those specific commands
need to be run as root via {{sudo bin/solr ... }}

In general, the places a service's effective UID should be able to write to
should be *VERY* limited, and constrained to the well known place where that
service keeps its "data" ... enabling apps with the ability to overwrite their
configuration is a big red flag.

> solr.in.sh installed by install script should be writable by solr user
> ----------------------------------------------------------------------
>
> Key: SOLR-10644
> URL: https://issues.apache.org/jira/browse/SOLR-10644
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Components: scripts and tools
> Reporter: Jan Høydahl
> Assignee: Jan Høydahl
> Fix For: 6.6, master (7.0)
>
> Attachments: SOLR-10644.patch
>
>
> Spinoff from SOLR-8440
> {{install_solr_service.sh}} installs {{solr.in.sh}} as world-readable but not
> solr user writable:
> {noformat}
> -rw-r--r-- 1 root root 5968 Feb 15 14:55 /etc/default/solr.in.sh
> {noformat}
> For better security, and ease for scripts to update solr.in.sh, this should
> change to:
> {noformat}
> -rw-rw---- 1 root solr 5968 Feb 15 14:55 /etc/default/solr.in.sh
> {noformat}