[
https://issues.apache.org/jira/browse/LUCENE-4352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13447246#comment-13447246
]
Uwe Schindler commented on LUCENE-4352:
---------------------------------------
The thing we can do is to explicitly list all actions for RuntimePermission and
leave out exit():
http://docs.oracle.com/javase/6/docs/api/java/lang/RuntimePermission.html
Unfortunately this confuses me: 'This allows an attacker to mount a
denial-of-service attack by automatically forcing the virtual machine to halt.
Note: The "exitVM.*" permission is automatically granted to all code loaded
from the application class path, thus enabling applications to terminate
themselves. Also, the "exitVM" permission is equivalent to "exitVM.*".'
So this appears to me that exiting is always possible from classes that are
inside the application ClassLoader (passed via -classpath to JVM). We could
only forbid it, if Solr would load ZooKeeper in a separate ClassLoader. I have
to try this out.
The second problem is that policy files only allow "grants" not "deny", so if
you grant RuntimePermission.* (as it is currently) you cannot explicitly
forbid it for one code part. You have to do it vice versa: Disallow it for all
(by having the long list of RuntimePermissions instead of "*") and only allow
it for one classloader.
> only the test runner should be able to System.exit
> --------------------------------------------------
>
> Key: LUCENE-4352
> URL: https://issues.apache.org/jira/browse/LUCENE-4352
> Project: Lucene - Core
> Issue Type: Bug
> Reporter: Robert Muir
>
> All others should get SecurityException
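
An added example, not part of the original comment or of the Lucene build: a policy file showing the inversion described in the comment, with every Java 6 RuntimePermission target except exitVM granted to all code, and exitVM granted to a single codeBase. The codeBase URL is a placeholder. Per the Javadoc quoted in the comment, code loaded from the application class path receives "exitVM.*" regardless of this file.

```java
// Java policy file (assumed to be passed with -Djava.security.policy=...).
// Policy files can only grant, so "everything except exitVM" has to be
// written as an explicit list instead of RuntimePermission "*".

// Before (too broad, implies exitVM for every code source):
// grant {
//   permission java.lang.RuntimePermission "*";
// };

// After: all code gets the enumerated targets, exitVM is left out.
grant {
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.lang.RuntimePermission "getClassLoader";
  permission java.lang.RuntimePermission "setContextClassLoader";
  permission java.lang.RuntimePermission "enableContextClassLoaderOverride";
  permission java.lang.RuntimePermission "setSecurityManager";
  permission java.lang.RuntimePermission "createSecurityManager";
  permission java.lang.RuntimePermission "getenv.*";
  permission java.lang.RuntimePermission "shutdownHooks";
  permission java.lang.RuntimePermission "setFactory";
  permission java.lang.RuntimePermission "setIO";
  permission java.lang.RuntimePermission "modifyThread";
  permission java.lang.RuntimePermission "stopThread";
  permission java.lang.RuntimePermission "modifyThreadGroup";
  permission java.lang.RuntimePermission "getProtectionDomain";
  permission java.lang.RuntimePermission "readFileDescriptor";
  permission java.lang.RuntimePermission "writeFileDescriptor";
  permission java.lang.RuntimePermission "loadLibrary.*";
  permission java.lang.RuntimePermission "accessClassInPackage.*";
  permission java.lang.RuntimePermission "defineClassInPackage.*";
  permission java.lang.RuntimePermission "accessDeclaredMembers";
  permission java.lang.RuntimePermission "queuePrintJob";
  permission java.lang.RuntimePermission "getStackTrace";
  permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
  permission java.lang.RuntimePermission "preferences";
  permission java.lang.RuntimePermission "usePolicy";
};

// Only this code source may call System.exit(). The URL is a placeholder
// for wherever the test runner jar actually lives.
grant codeBase "file:/path/to/test-runner.jar" {
  permission java.lang.RuntimePermission "exitVM";
};
```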