[LUCENE-5650] Enforce read-only access to any path outside the temporary folder via security manager - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 5.0, 6.0
Component/s: general/test
Labels:
None

Lucene Fields:

New

Description

The recent refactoring to all the create temp file/dir functions (which is great!) has a minor regression from what existed before. With the old LuceneTestCase.TEMP_DIR, the directory was created if it did not exist. So, if you set java.io.tmpdir to "./temp", then it would create that dir within the per jvm working dir. However, getBaseTempDirForClass() now does asserts that check the dir exists, is a dir, and is writeable.

Lucene uses "." as java.io.tmpdir. Then in the test security manager, the per jvm cwd has read/write/execute permissions. However, this allows tests to write to their cwd, which I'm trying to protect against (by setting cwd to read/execute in my test security manager).

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

LUCENE-5650.patch
07/May/14 19:11
3 kB
Ryan Ernst
LUCENE-5650.patch
09/May/14 22:22
17 kB
Dawid Weiss
LUCENE-5650.patch
10/May/14 23:42
17 kB
Ryan Ernst
LUCENE-5650.patch
16/May/14 01:45
23 kB
Ryan Ernst
dih.patch
20/May/14 15:28
3 kB
Ryan Ernst

Issue Links

contains

SOLR-6410 Suggester CloseHook for Lookup instances needs backported to 4x branch

Closed

Activity

People

Assignee:: Dawid Weiss

Reporter:: Ryan Ernst

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 06/May/14 20:10

Updated:: 28/Aug/22 14:06

Resolved:: 23/Aug/14 17:40