[ https://issues.apache.org/jira/browse/SOLR-5234?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13898968#comment-13898968 ]
Uwe Schindler commented on SOLR-5234:
-------------------------------------

bq. It doesn't seem like this would be a security issue since it's at a lower level (i.e. if an attacker can add something to ZK that points to /etc/passwd, then they can already do any number of bad things to the cluster). It's like saying "vi" is a security risk because it can read your files.

I agree, the example here was a little bit captious. The general problem is just parts of Solr that allow the use of absolute URIs coming from the network to load stuff via SolrResourceLoader. It is for sure no problem if you place an absolute URI inside solrconfig.xml, if that file is not modifiable through the REST API via network, which might be possible already or via new APIs that might be added later.

The idea of [~romseygeek] is a great one. Extending the {{openResource}} API by adding the "unsafe" parameter to it (the proposed semantics are just not ideal) would help a lot. Stuff like Velocity or XSLs should not be allowed to escape the instance directory.

But it is still risky to allow loading resources from anywhere. Before adding a feature like this, we should check every CVE, if it is really not possible to do the stuff. It should be possible to use the SolrResourceLoader in an unsafe way if you are really sure that nothing from the public REST APIs can access stuff like this without checks.

The important thing here is: We should not make Solr a wide-open gateway allowing resources to be loaded from the outside without restrictions. The example you gave with loading a very large resource file from an NFS resource is different from the ability to load any resource from anywhere. We should be as safe as possible. Unless we have the ability to have access control for our network-accessible APIs, we should not open more holes like loading stuff from arbitrary URIs.

> Allow SolrResourceLoader to load resources from URLs
> ----------------------------------------------------
>
>                 Key: SOLR-5234
>                 URL: https://issues.apache.org/jira/browse/SOLR-5234
>             Project: Solr
>          Issue Type: Improvement
>            Reporter: Alan Woodward
>            Assignee: Alan Woodward
>            Priority: Minor
>         Attachments: SOLR-5234.patch, SOLR-5234.patch
>
>
> This would allow multiple Solr instances to share large configuration files.
> It would also help resolve problems caused by attempting to store >1Mb files
> in zookeeper.
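
One way to express the confinement discussed in the comment above, as an added example that is not from the original message, the attached patch, or Solr's code base: names are kept inside the instance directory by default, and only a caller that passes `unsafe` may load an absolute URI. The class `ConfinedResourceLoader` and the flag's exact semantics are assumptions for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical loader, not SolrResourceLoader; the "unsafe" flag semantics are an assumption.
public class ConfinedResourceLoader {
    private final Path instanceDir;

    public ConfinedResourceLoader(Path instanceDir) throws IOException {
        this.instanceDir = instanceDir.toRealPath(); // canonical base for prefix checks
    }

    /** Default for any name that can arrive over the network (Velocity, XSL, ...). */
    public InputStream openResource(String name) throws IOException {
        return openResource(name, false);
    }

    /** unsafe=true: name is an absolute URI taken from trusted, locally edited config only. */
    public InputStream openResource(String name, boolean unsafe) throws IOException {
        if (unsafe) {
            return URI.create(name).toURL().openStream();
        }
        // resolve() lets an absolute name replace the base, and ".." or a symlink can
        // climb out, so compare the fully resolved path against the base directory.
        Path real = instanceDir.resolve(name).toRealPath();
        if (!real.startsWith(instanceDir)) {
            throw new IOException("resource escapes instance directory: " + name);
        }
        return Files.newInputStream(real);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout in a temp directory.
        Path base = Files.createTempDirectory("instance");
        Files.writeString(base.resolve("stopwords.txt"), "a\nthe\n");
        Path outside = Files.createTempFile("outside", ".txt");
        ConfinedResourceLoader loader = new ConfinedResourceLoader(base);
        String[] names = {"stopwords.txt", outside.toString(), "../" + outside.getFileName()};
        for (String name : names) {
            try (InputStream in = loader.openResource(name)) {
                System.out.println("opened:   " + name);
            } catch (IOException e) {
                System.out.println("rejected: " + name);
            }
        }
    }
}
```

The check and the open are two separate steps, so this assumes the party supplying names cannot write to the instance directory and swap in a symlink between them.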