[
https://issues.apache.org/jira/browse/SOLR-4882?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13670798#comment-13670798
]
Hoss Man commented on SOLR-4882:
--------------------------------
bq. ... In Lucene 5.0 we should not support this anymore.
FWIW: it's not hard to imagine situations where people have legitimate desire
for using absolute paths like this. ie: loading synonyms or stop words from
some central location outside of their solr home dir (eg:
/etc/solr-common/stopwords/en.txt, used by multiple solr instances, with diff
solr home dirs, running on diff ports.
With that in mind, I don't think it makes sense to completely remove this
ability -- but it certainly makes sense to disable it by default and document
the risks.
bq. In 4.4 we should add a solrconfig.xml setting to enable the old behaviour,
but disable it by default...
Given the lifecycle of the resource loaders, it may not be easy to have this
configuration per-core in solrconfig.xml. I'm also not sure if it's worth
adding as a solr.xml config option given the complexities in how that file is
peristet after core operations (and how many times we've screwed ourselves
adding things to that file)
Given that this is something (i think) we should generally discourage, and
something that i don't think we should be shy about making "hard" to turn on,
it might be enough just to say that the only way you can enable it is with an
explicit (and scary named) system property that affects the entire Solr
instance?
> Restrict SolrResourceLoader to only classloader accessible files and instance
> dir
> ---------------------------------------------------------------------------------
>
> Key: SOLR-4882
> URL: https://issues.apache.org/jira/browse/SOLR-4882
> Project: Solr
> Issue Type: Improvement
> Affects Versions: 4.3
> Reporter: Uwe Schindler
> Assignee: Uwe Schindler
> Fix For: 5.0, 4.4
>
>
> SolrResourceLoader currently allows to load files from any
> absolute/CWD-relative path, which is used as a fallback if the resource
> cannot be looked up via the class loader.
> We should limit this fallback to sub-dirs below the instanceDir passed into
> the ctor. The CWD special case should be removed, too (the virtual CWD is
> instance's config or root dir).
> The reason for this is security related. Some Solr components allow to pass
> in resource paths via REST parameters (e.g. XSL stalesheets,...) and load
> them via resource loader. By this it is possible to limit the whole thing to
> not allow loading e.g. /etc/passwd as a stylesheet.
> In 4.4 we should add a solrconfig.xml setting to enable the old behaviour,
> but disable it by default, if your existing installation requires the files
> from outside the instance dir which are not available via the URLClassLoader
> used internally. In Lucene 5.0 we should not support this anymore.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
