[ https://issues.apache.org/jira/browse/LUCENE-6238?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Muir updated LUCENE-6238: -------------------------------- Attachment: LUCENE-6238.patch Here is a patch: * removes read and execute permission for whole filesystem * removes unnecessary network permissions * adds only runtimepermissions actually needed This found a few test bugs. > minimize tests.policy > --------------------- > > Key: LUCENE-6238 > URL: https://issues.apache.org/jira/browse/LUCENE-6238 > Project: Lucene - Core > Issue Type: Bug > Reporter: Robert Muir > Attachments: LUCENE-6238.patch > > > This is overly permissive: > {noformat} > // Basic permissions needed for Lucene to work: > permission java.util.PropertyPermission "*", "read,write"; > permission java.lang.reflect.ReflectPermission "*"; > permission java.lang.RuntimePermission "*"; > {noformat} > Because of various BS like unsafe-hacks (only mmap seems to do it properly), > this means effectively you cannot use lucene with SM today, without allowing > SM itself to just be disabled with reflection. > This is easy to fix. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org