[
https://issues.apache.org/jira/browse/SOLR-5617?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shawn Heisey updated SOLR-5617:
-------------------------------
Description:
SOLR-4882 introduced restrictions for the Solr class loader that cause
resources outside the instanceDir to fail to load. This is a very good goal,
but what if you have common resources like included config files that are
outside instanceDir but are still fully inside the solr home?
I can understand not wanting to load resources from an arbitrary path, but the
solr home and its children should be about as trustworthy as instanceDir.
Ideally I'd like to have anything that's in $\{solr.solr.home\} trusted
automatically. If I need to define a system property to make this happen, I'm
OK with that -- as long as I don't have to turn off the safety checking
entirely.
was:
SOLR-4882 introduced restrictions for the Solr class loader that cause
resources outside the instanceDir to fail to load. This is a very good goal,
but it also causes resources in $\{solr.solr.home\}/lib to fail to load. In
order to get those jars to work, I must turn off all SOLR-4882 safety checking.
I can understand not wanting to load resources from an arbitrary path, but the
solr home and its children should be about as trustworthy as instanceDir.
Ideally I'd like to have $\{solr.solr.home\}/lib trusted automatically, since
it is searched automatically. If I need to define a system property to make
this happen, I'm OK with that -- as long as I don't have to turn off the safety
checking entirely.
> Default classloader restrictions may be too tight
> -------------------------------------------------
>
> Key: SOLR-5617
> URL: https://issues.apache.org/jira/browse/SOLR-5617
> Project: Solr
> Issue Type: Bug
> Affects Versions: 4.6
> Reporter: Shawn Heisey
> Labels: security
> Fix For: 5.0, 4.7
>
>
> SOLR-4882 introduced restrictions for the Solr class loader that cause
> resources outside the instanceDir to fail to load. This is a very good goal,
> but what if you have common resources like included config files that are
> outside instanceDir but are still fully inside the solr home?
> I can understand not wanting to load resources from an arbitrary path, but
> the solr home and its children should be about as trustworthy as instanceDir.
> Ideally I'd like to have anything that's in $\{solr.solr.home\} trusted
> automatically. If I need to define a system property to make this happen,
> I'm OK with that -- as long as I don't have to turn off the safety checking
> entirely.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
