[
https://issues.apache.org/jira/browse/SOLR-4882?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13671510#comment-13671510
]
Uwe Schindler edited comment on SOLR-4882 at 5/31/13 5:41 PM:
--------------------------------------------------------------
Patch that removes the legacy resource loader from velocity. It now only uses
the SolrResourceLoader (wrapped) and the ParameterResourceLoader.
As SolrResourceLoader can also read files from the instance dir, there is no
backside, but you can no longer escape the sandbox. Also the special setting
for the base dir to velocity default file loader was removed, as it allowed to
change the "base" dir for loading vm files to be changed from the request URL
-> same problem as the XSL issues
was (Author: thetaphi):
Patch that removes the legacy resource loader from velocity. It now only
uses the SolrResourceLoader (wrapped) and the ParameterResourceLoader.
As SolrResourceLoader can also read files from the instance dir, there is no
backside, but you can no longer escape the sandbox.
> Restrict SolrResourceLoader to only classloader accessible files and instance
> dir
> ---------------------------------------------------------------------------------
>
> Key: SOLR-4882
> URL: https://issues.apache.org/jira/browse/SOLR-4882
> Project: Solr
> Issue Type: Improvement
> Affects Versions: 4.3
> Reporter: Uwe Schindler
> Assignee: Uwe Schindler
> Fix For: 5.0, 4.4
>
> Attachments: SOLR-4882.patch, SOLR-4882.patch
>
>
> SolrResourceLoader currently allows to load files from any
> absolute/CWD-relative path, which is used as a fallback if the resource
> cannot be looked up via the class loader.
> We should limit this fallback to sub-dirs below the instanceDir passed into
> the ctor. The CWD special case should be removed, too (the virtual CWD is
> instance's config or root dir).
> The reason for this is security related. Some Solr components allow to pass
> in resource paths via REST parameters (e.g. XSL stalesheets,...) and load
> them via resource loader. By this it is possible to limit the whole thing to
> not allow loading e.g. /etc/passwd as a stylesheet.
> In 4.4 we should add a solrconfig.xml setting to enable the old behaviour,
> but disable it by default, if your existing installation requires the files
> from outside the instance dir which are not available via the URLClassLoader
> used internally. In Lucene 5.0 we should not support this anymore.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
