Re: Objection to using /tmp for lock files.

Sun, 23 Nov 2003 21:09:11 -0800

Doug Cutting wrote:

Kevin A. Burton wrote:

When I first read this changelog entry:

 > 2. Changed file locking to place lock files in
 >    System.getProperty("java.io.tmpdir"), where all users are
 >    permitted to write files.  This way folks can open and correctly
 >    lock indexes which are read-only to them.

I just assumed that this was an optional feature.

I think this is a dangerous change and should be disabled by default (or only enabled with lock files can't be used due to read only media).


Why is this dangerous? Are you concerned about malicious users locking indexes in a denial of service attack? If so, perhaps we should have an option to change where locks are stored, so that they could be, e.g., moved to /var/lock/lucene or somesuch which could have special protections.

Before this patch, folks could not open an index in a read-only manner unless they had write access to its directory. I think that is a larger bug and more dangerous, as it means that anyone who can search an index can destroy it.

I think it is proper that locks are not stored in the same place as the index, as in many cases this is not writable by the searching application, and the lock directory should be writable by all who can read the index.

On machines with multiple users /tmp files this could potentially be used to DOS a machine. It isn't a HUGE issue but is one regardless.

My major issue was to change behavior. I'm sure a lot of existing code depends on the current locking mechanism.

Since this is only for a RARE occasion (read only indexes) my suggestion is to keep the indexes where they were and have people enable this when they want readonly indexes.

Kevin

--
   NewsMonster - http://www.newsmonster.org/

Kevin A. Burton, Location - San Francisco, CA, Cell - 415.595.9965
      AIM - sfburtonator,  Web - http://www.peerfear.org/
GPG fingerprint: 4D20 40A0 C734 307E C7B4  DCAA 0303 3AC5 BD9D 7C4D
 IRC - freenode.net #infoanarchy | #p2p-hackers | #newsmonster



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to