Uploaded image for project: 'Lucene - Core'
  1. Lucene - Core
  2. LUCENE-5650

Enforce read-only access to any path outside the temporary folder via security manager

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.0, 6.0
    • Component/s: general/test
    • Labels:
      None
    • Lucene Fields:
      New

      Description

      The recent refactoring to all the create temp file/dir functions (which is great!) has a minor regression from what existed before. With the old LuceneTestCase.TEMP_DIR, the directory was created if it did not exist. So, if you set java.io.tmpdir to "./temp", then it would create that dir within the per jvm working dir. However, getBaseTempDirForClass() now does asserts that check the dir exists, is a dir, and is writeable.

      Lucene uses "." as java.io.tmpdir. Then in the test security manager, the per jvm cwd has read/write/execute permissions. However, this allows tests to write to their cwd, which I'm trying to protect against (by setting cwd to read/execute in my test security manager).

        Attachments

        1. LUCENE-5650.patch
          3 kB
          Ryan Ernst
        2. LUCENE-5650.patch
          17 kB
          Dawid Weiss
        3. LUCENE-5650.patch
          17 kB
          Ryan Ernst
        4. LUCENE-5650.patch
          23 kB
          Ryan Ernst
        5. dih.patch
          3 kB
          Ryan Ernst

          Issue Links

            Activity

              People

              • Assignee:
                dweiss Dawid Weiss
                Reporter:
                rjernst Ryan Ernst
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: