[
https://issues.apache.org/jira/browse/SOLR-10648?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16639511#comment-16639511
]
Jan Høydahl commented on SOLR-10648:
------------------------------------
Reading the Jetty docs at
[http://www.eclipse.org/jetty/documentation/current/start-jar.html#_startup_shutdown_command_line]
it appears that the STOP.PORT only listens on {{localhost}}, meaning that you
have to have shell access to the server in order to stop Solr. I'll update the
description.
You could argue that someone with shell access to the same box should not be
able to stop Solr if he/she does not have access to the 'solr' user or root,
but given that Solr most often is the only application running on a server,
those with access are likely Solr admins. And even if we redact the STOP:KEY in
the UI, a {{ps -aux}} will still reveal the cmdline, so it does not really fix
that issue.
I propose to close this as won't fix. But perhaps open another issue to unify
Metrics hiddenSysProps and RedactionUtils.
> Do not expose STOP.PORT and STOP.KEY in sysProps
> ------------------------------------------------
>
> Key: SOLR-10648
> URL: https://issues.apache.org/jira/browse/SOLR-10648
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Components: scripts and tools
> Reporter: Jan Høydahl
> Priority: Major
> Labels: security
>
> Currently anyone with HTTP access to Solr can see the Admin UI and all the
> system properties. In there you find
> {noformat}
> -DSTOP.KEY=solrrocks
> -DSTOP.PORT=7983
> {noformat}
> This means that anyone with this info can shut down Solr by hitting that port
> with the key (if it is not firewalled).
> I think the simple solution is to add STOP.PORT and STOP.KEY from
> {{$SOLR_START_OPTS}} to the {{$SOLR_JETTY_CONFIG[@]}} variable. It will still
> be visible on the cmdline but not over HTTP.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
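As an added illustration of the "unify hiddenSysProps and RedactionUtils" idea discussed above (this is example code written for this page, not Solr's own RedactionUtils or metrics configuration): a small filter that takes the JVM system properties a server would otherwise return over HTTP and replaces the values of sensitive entries before they leave the process. The hidden-name set, the regex patterns and the sample property map are constructed assumptions for the example; the STOP.KEY/STOP.PORT values mirror the ones quoted in the issue.

```python
import re
from typing import Dict, Iterable, Pattern, Sequence

REDACTED = "--REDACTED--"

# Assumed defaults for this example, not Solr's lists: exact property names
# that must never be shown remotely, plus patterns for catching variants
# such as javax.net.ssl.keyStorePassword.
DEFAULT_HIDDEN_NAMES = frozenset({"STOP.KEY", "STOP.PORT"})
DEFAULT_HIDDEN_PATTERNS: Sequence[Pattern[str]] = (
    re.compile(r"(?i)password"),
    re.compile(r"(?i)secret"),
    re.compile(r"(?i)\.key$"),
)


def is_sensitive(
    name: str,
    hidden_names: Iterable[str] = DEFAULT_HIDDEN_NAMES,
    patterns: Sequence[Pattern[str]] = DEFAULT_HIDDEN_PATTERNS,
) -> bool:
    """True if a property name is on the explicit deny list or matches a pattern."""
    if name in hidden_names:
        return True
    return any(p.search(name) for p in patterns)


def parse_jvm_args(args: Iterable[str]) -> Dict[str, str]:
    """Collect -Dname=value JVM arguments into a property map.

    Flags that are not -D properties (e.g. -Xmx512m) are ignored, and a
    -Dname with no '=' is recorded with an empty value, as the JVM does.
    """
    props: Dict[str, str] = {}
    for arg in args:
        if not arg.startswith("-D"):
            continue
        name, sep, value = arg[2:].partition("=")
        props[name] = value if sep else ""
    return props


def redact_sysprops(
    props: Dict[str, str],
    hidden_names: Iterable[str] = DEFAULT_HIDDEN_NAMES,
    patterns: Sequence[Pattern[str]] = DEFAULT_HIDDEN_PATTERNS,
) -> Dict[str, str]:
    """Return a copy of the property map with sensitive values masked.

    Keys are kept so an admin can still see that the property is set; only
    the value is hidden.
    """
    return {
        name: (REDACTED if is_sensitive(name, hidden_names, patterns) else value)
        for name, value in props.items()
    }


# Constructed sample: what a Solr JVM command line might carry.
SAMPLE_ARGS = [
    "-Xmx512m",
    "-DSTOP.KEY=solrrocks",
    "-DSTOP.PORT=7983",
    "-Dsolr.solr.home=/var/solr/data",
    "-Djavax.net.ssl.keyStorePassword=example-pass",
    "-Djava.version=1.8.0_181",
]


def safe_view_of_sample() -> Dict[str, str]:
    """What the HTTP system-info endpoint would hand out after redaction."""
    return redact_sysprops(parse_jvm_args(SAMPLE_ARGS))


if __name__ == "__main__":
    for name, value in sorted(safe_view_of_sample().items()):
        print(f"{name}={value}")
```

Note that this only narrows what is exposed to remote HTTP clients; as the comment points out, anyone with shell access on the box still sees the real values in the process command line, so redaction is a complement to keeping the stop port bound to localhost, not a replacement for it.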