[ 
https://issues.apache.org/jira/browse/LUCENE-4352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13447515#comment-13447515
 ] 

Uwe Schindler commented on LUCENE-4352:
---------------------------------------

For the test-framework an example for using AccessController.doPrivileged() 
would be:
- Policy denies e.g. file access outside the test runner JAR (which may be a 
good idea) -> "untrusted code"
- But Policy allows writing files outside the J0 working directory for the 
test-framework.jar file itself -> "trusted code"

The problem here would be: 
- "untrusted" code calls "trusted" code, e.g. the test ("untrusted") calls a 
method from test-framework that writes outside base directory. The calling 
"untrusted" code is not allowed to do this, but the test-framework itself 
("trusted") is allowed to do this.
- SecurityManager would disallow this, but that may not be what we want.

The naming of AccessController.doPrivileged is a little bit misleading. It does 
not mean something is "privileged", it just tells that the closure should not 
be handled by access checks of the code calling you, but with the context of 
your own code. This is always needed when untrusted code calls trusted code 
which would normally have higher rights.

The above example might be a good solution (limit write access to test-runner's 
local private "J0" directory only).
                
> only the test runner should be able to System.exit
> --------------------------------------------------
>
>                 Key: LUCENE-4352
>                 URL: https://issues.apache.org/jira/browse/LUCENE-4352
>             Project: Lucene - Core
>          Issue Type: Bug
>          Components: general/test
>    Affects Versions: 4.0-BETA
>            Reporter: Robert Muir
>            Assignee: Uwe Schindler
>             Fix For: 5.0, 4.0
>
>         Attachments: LUCENE-4352.patch, LUCENE-4352.patch, LUCENE-4352.patch, 
> LUCENE-4352.patch, LUCENE-4352.patch
>
>
> All others should get SecurityException

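The trusted/untrusted split described in the comment above, as an added example (not code from the LUCENE-4352 patches or from the Lucene test-framework). The class name TrustedFileHelper, the shared.dir property and the policy grant in the comment are assumptions made for illustration. java.security.AccessController is deprecated for removal since Java 17, so this applies to JDKs that still run a SecurityManager.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Hypothetical helper living in the "trusted" test-framework JAR.
// Assumed policy: only the framework's code source is granted
//   permission java.io.FilePermission "${shared.dir}${/}-", "read,write";
// while test classes may write only below their own J0 working directory.
public final class TrustedFileHelper {
  // Directory outside J0 that only the framework is allowed to write to.
  private final Path sharedDir;

  public TrustedFileHelper(Path sharedDir) {
    this.sharedDir = sharedDir.toAbsolutePath().normalize();
  }

  /** Callable from "untrusted" test code; writes a file below sharedDir. */
  public Path write(String name, byte[] data) throws IOException {
    // Validate before elevating: inside doPrivileged the caller's missing
    // permissions no longer block the write, so the trusted code must not
    // let the caller choose an arbitrary target path.
    Path target = sharedDir.resolve(name).normalize();
    if (!target.startsWith(sharedDir)) {
      throw new SecurityException("path escapes shared directory: " + name);
    }
    try {
      // The permission check walks the stack only down to this frame. The
      // calling test's protection domain is not consulted, so the write
      // succeeds if this class itself holds the FilePermission.
      return AccessController.doPrivileged(
          (PrivilegedExceptionAction<Path>) () -> Files.write(target, data));
    } catch (PrivilegedActionException e) {
      // Files.write declares only IOException as a checked exception.
      throw (IOException) e.getException();
    }
  }
}
```

Without the doPrivileged wrapper the same call from a test would fail with AccessControlException, because the test's protection domain is on the stack and lacks the FilePermission.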