[jira] [Updated] (SOLR-14158) package manager to read keys from packagestore and not ZK
[
https://issues.apache.org/jira/browse/SOLR-14158?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Noble Paul updated SOLR-14158:
--
Affects Version/s: 8.4
> package manager to read keys from packagestore and not ZK
> --
>
> Key: SOLR-14158
> URL: https://issues.apache.org/jira/browse/SOLR-14158
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: packages
>Affects Versions: 8.4
>Reporter: Noble Paul
>Assignee: Noble Paul
>Priority: Blocker
> Labels: packagemanager
>
> The security of the package system relies on securing ZK. It's much easier
> for users to secure the file system than securing ZK.
> We provide an option to read public keys from file store.
> This will
> * Have a special directory called {{_trusted_}} . Direct writes are forbidden
> to that directory over http
> * The CLI directly writes to the keys to
> {{/filestore/_trusted_/keys/}} directory. Other nodes are asked to
> fetch the public key files from that node
> * Package artifacts will continue to be uploaded over http
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Updated] (SOLR-14158) package manager to read keys from packagestore and not ZK
[
https://issues.apache.org/jira/browse/SOLR-14158?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Noble Paul updated SOLR-14158:
--
Fix Version/s: 8.4.1
> package manager to read keys from packagestore and not ZK
> --
>
> Key: SOLR-14158
> URL: https://issues.apache.org/jira/browse/SOLR-14158
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: packages
>Affects Versions: 8.4
>Reporter: Noble Paul
>Assignee: Noble Paul
>Priority: Blocker
> Labels: packagemanager
> Fix For: 8.4.1
>
>
> The security of the package system relies on securing ZK. It's much easier
> for users to secure the file system than securing ZK.
> We provide an option to read public keys from file store.
> This will
> * Have a special directory called {{_trusted_}} . Direct writes are forbidden
> to that directory over http
> * The CLI directly writes to the keys to
> {{/filestore/_trusted_/keys/}} directory. Other nodes are asked to
> fetch the public key files from that node
> * Package artifacts will continue to be uploaded over http
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Updated] (SOLR-14158) package manager to read keys from packagestore and not ZK
[
https://issues.apache.org/jira/browse/SOLR-14158?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Noble Paul updated SOLR-14158:
--
Priority: Blocker (was: Major)
> package manager to read keys from packagestore and not ZK
> --
>
> Key: SOLR-14158
> URL: https://issues.apache.org/jira/browse/SOLR-14158
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: packages
>Reporter: Noble Paul
>Assignee: Noble Paul
>Priority: Blocker
> Labels: packagemanager
>
> The security of the package system relies on securing ZK. It's much easier
> for users to secure the file system than securing ZK.
> We provide an option to read public keys from file store.
> This will
> * Have a special directory called {{_trusted_}} . Direct writes are forbidden
> to that directory over http
> * The CLI directly writes to the keys to
> {{/filestore/_trusted_/keys/}} directory. Other nodes are asked to
> fetch the public key files from that node
> * Package artifacts will continue to be uploaded over http
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Updated] (SOLR-14158) package manager to read keys from packagestore and not ZK
[
https://issues.apache.org/jira/browse/SOLR-14158?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Noble Paul updated SOLR-14158:
--
Description:
The security of the package system relies on securing ZK. It's much easier for
users to secure the file system than securing ZK.
We provide an option to read public keys from file store.
This will
* Have a special directory called {{_trusted_}} . Direct writes are forbidden
to that directory over http
* The CLI directly writes to the keys to
{{/filestore/_trusted_/keys/}} directory. Other nodes are asked to
fetch the public key files from that node
* Package artifacts will continue to be uploaded over http
was:
The security of the package system relies on securing ZK. It's much easier for
users to secure the file system than securing ZK.
We provide an option to read public keys from file store. The default behavior
will be to read from ZK
The nodes must be started with {{-Dpkg.keys=filestore}}
This will
* disable the remote {{PUT /api/cluster/files}}
* The CLI will directly write to the keys to
{{/filestore/_trusted_keys/}} dir
* The CLI directly writes the package artifacts to the local solr and ask
other nodes to fetch from this node. Nobody can upload executable jars over a
remote call
* Keys stored in ZK will not be used or trusted. So nobody can attack the
cluster by publishing a malicious key into Solr
> package manager to read keys from packagestore and not ZK
> --
>
> Key: SOLR-14158
> URL: https://issues.apache.org/jira/browse/SOLR-14158
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: packages
>Reporter: Noble Paul
>Assignee: Noble Paul
>Priority: Major
> Labels: packagemanager
>
> The security of the package system relies on securing ZK. It's much easier
> for users to secure the file system than securing ZK.
> We provide an option to read public keys from file store.
> This will
> * Have a special directory called {{_trusted_}} . Direct writes are forbidden
> to that directory over http
> * The CLI directly writes to the keys to
> {{/filestore/_trusted_/keys/}} directory. Other nodes are asked to
> fetch the public key files from that node
> * Package artifacts will continue to be uploaded over http
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Updated] (SOLR-14158) package manager to read keys from packagestore and not ZK
[
https://issues.apache.org/jira/browse/SOLR-14158?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Noble Paul updated SOLR-14158:
--
Description:
The security of the package system relies on securing ZK. It's much easier for
users to secure the file system than securing ZK.
We provide an option to read public keys from file store. The default behavior
will be to read from ZK
The nodes must be started with {{-Dpkg.keys=filestore}}
This will
* disable the remote {{PUT /api/cluster/files}}
* The CLI will directly write to the keys to
{{/filestore/_trusted_keys/}} dir
* The CLI directly writes the package artifacts to the local solr and ask
other nodes to fetch from this node. Nobody can upload executable jars over a
remote call
* Keys stored in ZK will not be used or trusted. So nobody can attack the
cluster by publishing a malicious key into Solr
was:
The security of the package system relies on securing ZK. It's much easier for
users to secure the file system than securing ZK.
This will
* disable the remote {{PUT /api/cluster/files}} by default
* The CLI will directly write to the keys to
{{/filestore/_trusted_keys/}} dir
* The CLI directly writes the package artifacts to the local solr and ask
other nodes to fetch from this node. Nobody can upload executable jars over a
remote call
* Keys stored in ZK will not be used or trusted. So nobody can attack the
cluster by publishing a malicious key into Solr
> package manager to read keys from packagestore and not ZK
> --
>
> Key: SOLR-14158
> URL: https://issues.apache.org/jira/browse/SOLR-14158
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: packages
>Reporter: Noble Paul
>Assignee: Noble Paul
>Priority: Major
> Labels: packagemanager
>
> The security of the package system relies on securing ZK. It's much easier
> for users to secure the file system than securing ZK.
> We provide an option to read public keys from file store. The default
> behavior will be to read from ZK
> The nodes must be started with {{-Dpkg.keys=filestore}}
> This will
> * disable the remote {{PUT /api/cluster/files}}
> * The CLI will directly write to the keys to
> {{/filestore/_trusted_keys/}} dir
> * The CLI directly writes the package artifacts to the local solr and ask
> other nodes to fetch from this node. Nobody can upload executable jars over a
> remote call
> * Keys stored in ZK will not be used or trusted. So nobody can attack the
> cluster by publishing a malicious key into Solr
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
