Details
- Improvement
- Status: Closed
- Major
- Resolution: Fixed
Description
The solr-tests.policy is currently way too lenient. It's useful for tests but pretty worthless at defending against any attacker "for real".
For example, imagine I can execute arbitrary Java-ish code:
Runtime.getRuntime().exec("id");
With a security manager enabled, I'd get an exception like this:
java.security.AccessControlException: access denied ("java.io.FilePermission" "<<ALL FILES>>" "execute")
Because the current policy is so lenient and has a wildcard RuntimePermission, the next thing I'd try (disable security manager, then launch process) would happily execute:
System.setSecurityManager(null);Runtime.getRuntime().exec("id");
That's because the current wildcard permission allows RuntimePermission("setSecurityManager").
There are other variants I could use, some explained by Java's docs: https://docs.oracle.com/javase/7/docs/api/java/lang/RuntimePermission.html
It will take time and pain to clean up this stuff: e.g. fixing code and maybe even third-party dependencies, but gotta start somewhere. I think splitting up the wildcards is a good first step.
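One way to check a grant set for the problem described above, as an added example (not part of the original issue or Solr's code). It uses the JDK's own `implies` logic to show which sensitive permissions a wildcard grant covers; the class name, both grant sets and the list of sensitive permissions are constructed for illustration.

```java
import java.io.FilePermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.ArrayList;
import java.util.List;

public class PolicyWildcardAudit {
    // Permissions a sandboxed caller should not hold. The first and last are the
    // ones named in the issue; the other two are further RuntimePermission targets.
    static final List<Permission> SENSITIVE = List.of(
        new RuntimePermission("setSecurityManager"),
        new RuntimePermission("createSecurityManager"),
        new RuntimePermission("createClassLoader"),
        new FilePermission("<<ALL FILES>>", "execute"));

    // Returns every sensitive permission that the grant set implies.
    static List<Permission> findings(Permissions granted) {
        List<Permission> hits = new ArrayList<>();
        for (Permission p : SENSITIVE) {
            if (granted.implies(p)) {
                hits.add(p);
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed grant set modelling a wildcard policy entry:
        //   permission java.lang.RuntimePermission "*";
        Permissions lenient = new Permissions();
        lenient.add(new RuntimePermission("*"));

        // Constructed grant set with the wildcard split into named targets
        // (illustrative targets, not Solr's actual list).
        Permissions split = new Permissions();
        split.add(new RuntimePermission("getenv.*"));
        split.add(new RuntimePermission("accessDeclaredMembers"));
        split.add(new RuntimePermission("getClassLoader"));

        System.out.println("wildcard grant implies: " + findings(lenient));
        System.out.println("split grant implies:    " + findings(split));
    }
}
```

The wildcard grant reports the three RuntimePermission entries, including setSecurityManager, while the split grant reports none.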
Issue Links
- causes
  - SOLR-14096 DistribPackageStore attempts to create filestore in read-only directory (Closed)
- is related to
  - SOLR-14064 remove some hadoop brain-damage from build environment (Closed)
  - SOLR-14001 fix HdfsBackupRepositoryTest on windows (Closed)
  - SOLR-14078 DistribPackageStore tries to write to source tree (Resolved)
  - SOLR-14028 Fix test permissions for TestSolrCLIRunExample (Closed)
  - SOLR-14033 Fix Hadoop tests with security manager (Closed)
  - SOLR-14077 Hadoop shouldn't need to look for metrics config in user home (Closed)
  - SOLR-14084 Security manager access denied not causing tests to fail (Closed)
- relates to
  - SOLR-14000 clean up more static field leaks in tests (Closed)
  - SOLR-14002 fix more test static leaks (continued) (Closed)