Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-14018

sandbox velocity into oblivion

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Won't Fix
    • None
    • None
    • None
    • None

    Description

      followup to SOLR-19993.

      The thing has too many read permissions now. it is due to my hacky first stab at the thing. instead of wrapping the whole block of code in a sandbox, we should go a little deeper, there are two things:

      • Script "engine" (with all the shit needed to compile and run the script)
      • Script compiled code (stuff from the luser that we definitely do not trust)

      If we can split the permissions into these two, then the second one has no permissions and can't mess around as much.

      It just takes wrestling, tests, and time.

      Attachments

        Issue Links

          is superceded by

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-14792 Remove VelocityResponseWriter from Solr 9

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed

          Activity

            People

              Unassigned Unassigned
              rcmuir Robert Muir
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: