Robert Muir created SOLR-13993:
----------------------------------
Summary: sandbox velocity template render
Key: SOLR-13993
URL: https://issues.apache.org/jira/browse/SOLR-13993
Project: Solr
Issue Type: Improvement
Security Level: Public (Default Security Level. Issues are Public)
Reporter: Robert Muir
This thing seems dangerous :)
Making the whole solr secure is a whole nother thing: (see e.g. SOLR-13991 and
we haven't even gotten started). Its pretty difficult to convert whole large
app to work securely. It is going to take time.
In the meantime, if we have things that might do something dangerous, and
security manager is enabled, we can put them into a special little sandbox and
throw away the key: for example we can intentionally discard permissions we
don't need so they can't launch stuff, if we really don't trust them, we can
start filtering what classes classloader will load.
This isn't that crazy at all to do, e.g. your web browser does similar tricks
to try to sandbox specific parts that might do something unexpected and cause
security issue.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
