[ https://issues.apache.org/jira/browse/SOLR-16776?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17718009#comment-17718009 ]

Ishan Chattopadhyaya commented on SOLR-16776:
---------------------------------------------

{quote} Maybe both layers for backwards compatibility for now... possibly with 
a simplification in v10?
{quote}
Yes, David, that's the plan. Removing "enableRemoteStreaming" from a 
configset/collection level is an enormous undertaking. Here's a glimpse of how 
hard it is:
{code:java}
ishan@x1extreme ~/code/solr (main) $ grep "enableRemoteStream" -rn solr|wc -l
64
{code}
Let's do it later, in a separate ticket, in Solr 10.x. Or rather, let us even 
deprecate and remove that feature in a separate ticket (later).
{quote}I propose here "solr.enableRemoteStreaming" or just 
"enableRemoteStreaming".
{quote}
+1, thanks.

> Disable remote streaming by default using sysprop
> -------------------------------------------------
>
>                 Key: SOLR-16776
>                 URL: https://issues.apache.org/jira/browse/SOLR-16776
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Ishan Chattopadhyaya
>            Assignee: Ishan Chattopadhyaya
>            Priority: Blocker
>             Fix For: 9.2.1
>
>         Attachments: SOLR-16776.patch
>
>
> Remote streaming is a vulnerability in Solr that allows a user to make Solr 
> talk to arbitrary HTTP servers. It is disabled by default, but easily enabled 
> using config API. This issue is to disable it more properly, at a node level, 
> and add an additional system property per node to disable it by default. To 
> continue using this feature, pass {{-Denable.remote.streams=true}} to the 
> startup, and then enable it on a per collection/configset basis as needed.
>  
> As per Skay's report 
> [https://twitter.com/Skay_00/status/1646870062601756672|https://twitter.com/Skay_00/status/1646870062601756672]
> remote code execution is possible in unsecured Solr clusters where 
> authentication hasn't been enabled. This ticket is to mitigate one aspect of 
> that, i.e. remote streaming. While our recommendation to all users remains 
> the same, i.e. to secure Solr installations with authentication and 
> authorization, I thank Skay for his detailed report.
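The two-layer gate the issue describes (a node-level system property that is off by default, plus a per-collection/configset opt-in) as an added illustration; this is not Solr's own code, and the sysprop name `solr.enableRemoteStreaming` is the one proposed in the comment above, while `stream.url`/`stream.file` are assumed as the request parameters that trigger remote streaming:

```python
# Added illustration of the two-layer gate proposed in SOLR-16776:
# the node-level system property (default off) AND the collection/configset
# flag must both be "true" before a request may use remote streaming.
# Not Solr's own code; names below are taken from the thread or assumed.
from typing import Dict, Tuple

NODE_SYSPROP = "solr.enableRemoteStreaming"          # name proposed in the comment
CONFIGSET_FLAG = "enableRemoteStreaming"             # per-configset flag (assumed key)
REMOTE_STREAM_PARAMS = ("stream.url", "stream.file")  # assumed remote-stream params


def _is_true(value) -> bool:
    """Only an explicit 'true' (any case) enables; missing or anything else disables."""
    return str(value).strip().lower() == "true"


def remote_streaming_enabled(sysprops: Dict[str, str], configset: Dict[str, str]) -> bool:
    """Both layers must opt in; the configset alone (e.g. via the Config API) is not enough."""
    return _is_true(sysprops.get(NODE_SYSPROP, "false")) and _is_true(
        configset.get(CONFIGSET_FLAG, "false")
    )


def check_request(params: Dict[str, str], sysprops: Dict[str, str],
                  configset: Dict[str, str]) -> Tuple[bool, str]:
    """Return (allowed, reason) for one request's parameters.

    Requests that do not ask for a remote stream are always allowed; requests
    that do are allowed only when node and configset both enable the feature.
    """
    requested = [p for p in REMOTE_STREAM_PARAMS if p in params]
    if not requested:
        return True, "no remote stream requested"
    if remote_streaming_enabled(sysprops, configset):
        return True, f"{requested[0]} permitted by node sysprop and configset"
    if not _is_true(sysprops.get(NODE_SYSPROP, "false")):
        return False, f"{requested[0]} rejected: node sysprop {NODE_SYSPROP} is not true"
    return False, f"{requested[0]} rejected: configset has not set {CONFIGSET_FLAG}=true"


# Constructed sample: a configset that turned the flag on through the Config
# API, as the issue describes, on a node started without the sysprop.
SAMPLE_CONFIGSET = {"enableRemoteStreaming": "true"}
SAMPLE_REQUEST = {"stream.url": "http://example.invalid/data.xml", "wt": "json"}

if __name__ == "__main__":
    print(check_request(SAMPLE_REQUEST, {}, SAMPLE_CONFIGSET))                      # rejected
    print(check_request(SAMPLE_REQUEST, {NODE_SYSPROP: "true"}, SAMPLE_CONFIGSET))  # allowed
```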



--
This message was sent by Atlassian Jira
(v8.20.10#820010)