[
https://issues.apache.org/jira/browse/SOLR-14018?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16988509#comment-16988509
]
Robert Muir commented on SOLR-14018:
------------------------------------
this one is likely dependent on a more comprehensive security setup than just
the simple flat model we use for tests.
> sandbox velocity into oblivion
> ------------------------------
>
> Key: SOLR-14018
> URL: https://issues.apache.org/jira/browse/SOLR-14018
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Robert Muir
> Priority: Major
>
> followup to SOLR-19993.
> The thing has too many read permissions now. it is due to my hacky first stab
> at the thing. instead of wrapping the whole block of code in a sandbox, we
> should go a little deeper, there are two things:
> * Script "engine" (with all the shit needed to compile and run the script)
> * Script compiled code (stuff from the luser that we definitely do not trust)
> If we can split the permissions into these two, then the second one has no
> permissions and can't mess around as much.
> It just takes wrestling, tests, and time.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
