Lucene - Core
  1. Lucene - Core
  2. LUCENE-5650

Enforce read-only access to any path outside the temporary folder via security manager

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.0, master
    • Component/s: general/test
    • Labels:
      None
    • Lucene Fields:
      New

      Description

      The recent refactoring to all the create temp file/dir functions (which is great!) has a minor regression from what existed before. With the old LuceneTestCase.TEMP_DIR, the directory was created if it did not exist. So, if you set java.io.tmpdir to "./temp", then it would create that dir within the per jvm working dir. However, getBaseTempDirForClass() now does asserts that check the dir exists, is a dir, and is writeable.

      Lucene uses "." as java.io.tmpdir. Then in the test security manager, the per jvm cwd has read/write/execute permissions. However, this allows tests to write to their cwd, which I'm trying to protect against (by setting cwd to read/execute in my test security manager).

      1. dih.patch
        3 kB
        Ryan Ernst
      2. LUCENE-5650.patch
        23 kB
        Ryan Ernst
      3. LUCENE-5650.patch
        17 kB
        Ryan Ernst
      4. LUCENE-5650.patch
        17 kB
        Dawid Weiss
      5. LUCENE-5650.patch
        3 kB
        Ryan Ernst

        Issue Links

          Activity

          Ryan Ernst created issue -
          Dawid Weiss made changes -
          Field Original Value New Value
          Assignee Dawid Weiss [ dweiss ]
          Dawid Weiss made changes -
          Fix Version/s 4.9 [ 12326730 ]
          Fix Version/s 5.0 [ 12321663 ]
          Dawid Weiss made changes -
          Issue Type Bug [ 1 ] Improvement [ 4 ]
          Dawid Weiss made changes -
          Priority Major [ 3 ] Minor [ 4 ]
          Dawid Weiss made changes -
          Component/s general/test [ 12313730 ]
          Ryan Ernst made changes -
          Attachment LUCENE-5650.patch [ 12643833 ]
          Dawid Weiss made changes -
          Attachment LUCENE-5650.patch [ 12644199 ]
          Ryan Ernst made changes -
          Attachment LUCENE-5650.patch [ 12644306 ]
          Ryan Ernst made changes -
          Attachment LUCENE-5650.patch [ 12645159 ]
          Ryan Ernst made changes -
          Attachment dih.patch [ 12645807 ]
          Dawid Weiss made changes -
          Summary createTempDir and associated functions no longer create java.io.tmpdir Enforce read-only access to any path outside the temporary folder via security manager
          Hoss Man made changes -
          Link This issue contains SOLR-6410 [ SOLR-6410 ]
          Ryan Ernst made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Fix Version/s 4.11 [ 12327844 ]
          Fix Version/s 4.9 [ 12326730 ]
          Resolution Fixed [ 1 ]
          Anshum Gupta made changes -
          Status Resolved [ 5 ] Closed [ 6 ]

            People

            • Assignee:
              Dawid Weiss
              Reporter:
              Ryan Ernst
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development