Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Won't Fix
-
None
-
None
-
None
-
None
Description
followup to SOLR-19993.
The thing has too many read permissions now. it is due to my hacky first stab at the thing. instead of wrapping the whole block of code in a sandbox, we should go a little deeper, there are two things:
- Script "engine" (with all the shit needed to compile and run the script)
- Script compiled code (stuff from the luser that we definitely do not trust)
If we can split the permissions into these two, then the second one has no permissions and can't mess around as much.
It just takes wrestling, tests, and time.
Attachments
Issue Links
- is superceded by
-
SOLR-14792 Remove VelocityResponseWriter from Solr 9
- Closed