Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-13983

remove or replace process execution in SystemInfoHandler

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 8.5
    • None
    • None

    Description

      SystemInfoHandler is the only place in solr code executing processes.

      Since solr is a server/long running process listening to HTTP, ideally process execution could be disabled (e.g. with security manager). But first this code needs to be removed or replaced, so that there is no legitimate use of it:

      try { 
      if (!Constants.WINDOWS) {
        info.add( "uname",  execute( "uname -a" ) );
        info.add( "uptime", execute( "uptime" ) );
      }
    } catch( Exception ex ) {
      log.warn("Unable to execute command line tools to get operating system properties.", ex);
    } 
    return info;

      It already looks like its getting data from OS MXbean here, so maybe this logic is simply outdated or not needed. It seems to be "best-effort" anyway. Alternatively similar stuff could be fetched by reading from e.g. /proc file system location if needed.

      Attachments

        1. SOLR-13983.patch
          4 kB
          Robert Muir

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. SOLR-14416 Nodes view doesn't work correctly when Solr is hosted on Windows

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              rcmuir Robert Muir
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: