[
https://issues.apache.org/jira/browse/LUCENE-6238?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Muir updated LUCENE-6238:
--------------------------------
Attachment: LUCENE-6238.patch
Here is a patch:
* removes read and execute permission for whole filesystem
* removes unnecessary network permissions
* adds only runtimepermissions actually needed
This found a few test bugs.
> minimize tests.policy
> ---------------------
>
> Key: LUCENE-6238
> URL: https://issues.apache.org/jira/browse/LUCENE-6238
> Project: Lucene - Core
> Issue Type: Bug
> Reporter: Robert Muir
> Attachments: LUCENE-6238.patch
>
>
> This is overly permissive:
> {noformat}
> // Basic permissions needed for Lucene to work:
> permission java.util.PropertyPermission "*", "read,write";
> permission java.lang.reflect.ReflectPermission "*";
> permission java.lang.RuntimePermission "*";
> {noformat}
> Because of various BS like unsafe-hacks (only mmap seems to do it properly),
> this means effectively you cannot use lucene with SM today, without allowing
> SM itself to just be disabled with reflection.
> This is easy to fix.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
