Robert Muir created SOLR-14015:
----------------------------------
Summary: remove blanket filesystem read access from solr-tests.policy
Key: SOLR-14015
URL: https://issues.apache.org/jira/browse/SOLR-14015
Project: Solr
Issue Type: Improvement
Security Level: Public (Default Security Level. Issues are Public)
Reporter: Robert Muir

The lucene policy is strict and specifies only specific locations.
Unfortunately, currently the solr policy allows read to ALL FILES.
The tests shouldn't be able to read anywhere, e.g. my .ssh/ directory or
whatever.
It is a necessary painful step to eventually eliminate directory traversal
attacks, etc.
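
A check for the condition this issue describes, written as an added example (it is not code from the issue or from the Solr project): it scans Java policy text for `FilePermission` entries that grant read on the whole filesystem. The sample policy is constructed, and the `${tests.workdir}` property in it is a hypothetical name.

```python
import re

# One entry: permission java.io.FilePermission "<target>", "<actions>";
PERM_RE = re.compile(
    r'permission\s+java\.io\.FilePermission\s+"([^"]*)"\s*,\s*"([^"]*)"\s*;')

# Targets that cover the whole filesystem instead of a specific location.
BLANKET_TARGETS = {"<<ALL FILES>>", "/-"}

# Constructed sample, not the contents of solr-tests.policy.
# ${tests.workdir} is a hypothetical property name.
SAMPLE_POLICY = '''\
// constructed sample policy
grant {
  /* permission java.io.FilePermission "<<ALL FILES>>", "read,write"; */
  permission java.io.FilePermission "<<ALL FILES>>", "read,execute";
  permission java.io.FilePermission "${tests.workdir}${/}-", "read,write,delete";
  permission java.io.FilePermission "${java.home}${/}-", "read";
};
'''

def blank_comments(text):
    """Blank out comments while keeping newlines, so line numbers stay valid."""
    text = re.sub(r"/\*.*?\*/",
                  lambda m: re.sub(r"[^\n]", " ", m.group()), text, flags=re.S)
    # Only whole-line // comments, so "file://" inside a codeBase is untouched.
    return re.sub(r"^[ \t]*//[^\n]*", "", text, flags=re.M)

def blanket_read_grants(policy_text):
    """Return (line, target, actions) for each entry granting read everywhere."""
    text = blank_comments(policy_text)
    findings = []
    for m in PERM_RE.finditer(text):
        target, actions = m.group(1), m.group(2)
        # FilePermission action names are case-insensitive.
        acts = {a.strip().lower() for a in actions.split(",")}
        if target in BLANKET_TARGETS and "read" in acts:
            line = text.count("\n", 0, m.start()) + 1
            findings.append((line, target, actions))
    return findings

if __name__ == "__main__":
    for line, target, actions in blanket_read_grants(SAMPLE_POLICY):
        print(f"line {line}: blanket read via {target!r} ({actions})")
```

Entries scoped to a specific directory, such as the two property-based ones in the sample, are not reported; the commented-out entry is ignored.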