[
https://issues.apache.org/jira/browse/SOLR-13991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16986492#comment-16986492
]
Robert Muir commented on SOLR-13991:
------------------------------------
and messed myself up running tests in a VM without explicitly setting
tests.jvms=N, and it picked 1. Too many beers waiting...
This patch is already halfway through the tests on Linux, too. Since it's tests
code only, I feel like I've done more than my due diligence. There is literally
only so much time in the day. Will let Jenkins sort it out.
I figure there is a 50% chance Windows Jenkins will puke on the change and
require some additional permissions (THANKS HADOOP), but I'll pay attn and deal
with it as necessary.
> clean up permissions in solr-tests.policy
> -----------------------------------------
>
> Key: SOLR-13991
> URL: https://issues.apache.org/jira/browse/SOLR-13991
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Robert Muir
> Priority: Major
> Attachments: SOLR-13991.patch, SOLR-13991.patch, SOLR-13991.patch,
> SOLR-13991.patch
>
>
> The solr-tests.policy is currently way too lenient. It's useful for tests but
> pretty worthless at defending against any attacker "for real".
> For example, imagine I can execute arbitrary Java-ish code:
> {code}
> Runtime.getRuntime().exec("id");
> {code}
> With a security manager enabled, I'd get an exception like this:
> java.security.AccessControlException: access denied ("java.io.FilePermission"
> "<<ALL FILES>>" "execute")
> Because the current policy is so lenient and has wildcard RuntimePermission,
> the next thing I'd try (disable security manager, then launch process) would
> happily execute:
> {code}
> System.setSecurityManager(null);Runtime.getRuntime().exec("id");
> {code}
> That's because the current wildcard permission allows
> {{RuntimePermission("setSecurityManager")}}.
> There are other variants I could use, some explained by Java's docs:
> https://docs.oracle.com/javase/7/docs/api/java/lang/RuntimePermission.html
> It will take time and pain to clean up this stuff: e.g. fixing code and maybe
> even third-party dependencies, but gotta start somewhere. I think splitting
> up the wildcards is a good first step :)
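
Added example, not part of the original message or of the attached patch: a small policy-file check that applies Java's BasicPermission name matching to show why a wildcard RuntimePermission grant implies setSecurityManager. The sample policy is constructed, and the choice of createClassLoader as a second flagged target (taken from the RuntimePermission documentation linked above) is this example's assumption.

```python
import re

# RuntimePermission targets to flag. setSecurityManager is the one named in the
# issue; createClassLoader is an assumption added from the Java documentation.
FLAGGED_TARGETS = ("setSecurityManager", "createClassLoader")

_TOKEN = re.compile(r'"[^"]*"|//[^\n]*|/\*.*?\*/', re.S)
_GRANT = re.compile(r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?')


def strip_comments(text):
    """Drop // and /* */ comments, keeping quoted strings and the line count."""
    def keep(m):
        tok = m.group(0)
        return tok if tok.startswith('"') else "\n" * tok.count("\n")
    return _TOKEN.sub(keep, text)


def implies(granted, target):
    """BasicPermission name matching: exact, "*", or a trailing ".*" prefix."""
    if granted == "*" or granted == target:
        return True
    return granted.endswith(".*") and target.startswith(granted[:-1])


def audit_policy(text):
    """Return (line, message) for each grant that covers a flagged target."""
    findings = []
    for lineno, line in enumerate(strip_comments(text).splitlines(), 1):
        for cls, name in _GRANT.findall(line):
            if cls == "java.security.AllPermission":
                findings.append((lineno, "AllPermission grants everything"))
            elif cls == "java.lang.RuntimePermission":
                hit = [t for t in FLAGGED_TARGETS if implies(name, t)]
                if hit:
                    findings.append((lineno, f'"{name}" implies ' + ", ".join(hit)))
    return findings


# Constructed sample policy, not the contents of solr-tests.policy.
SAMPLE = '''grant {
  // permission java.lang.RuntimePermission "setSecurityManager";
  permission java.lang.RuntimePermission "*";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
  permission java.io.FilePermission "${java.io.tmpdir}/-", "read,write";
};
'''

if __name__ == "__main__":
    for lineno, message in audit_policy(SAMPLE):
        print(f"line {lineno}: {message}")
```

Only the wildcard line of the sample is reported; the commented-out grant and the narrowly named accessClassInPackage grant are not.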