[ https://issues.apache.org/jira/browse/SOLR-13984?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16985411#comment-16985411 ]
Robert Muir commented on SOLR-13984:
------------------------------------

Hi Ishan: what do you think about narrowing the scope of this first issue to disabling process execution (e.g. RCE)? I think this may be challenging enough.

Implementing this "fully", to do things like protect filesystem access to defend against other attacks like directory traversal, will likely involve major changes. For example if users can do HTTP requests that spin up new cores on arbitrary filesystem locations, and that model must be supported, then it's impossible to really limit filesystem access. And if components try to allow arbitrary execution of scripts or similar, it gets heavy.

Essentially to secure the application, it is more than just adding some 'sandbox feature'; usually code has to be refactored around the principle of least priv and code with security issues has to be fixed. SOLR-13982 is a good example of this: the browser's 'sandbox feature' is not fully effective until we actually fix the underlying code to be more secure.

But I think we should special case RCE: disable process execution and try to make it impossible as a first step.

> Solr should run inside a SecurityManager
> ----------------------------------------
>
>                 Key: SOLR-13984
>                 URL: https://issues.apache.org/jira/browse/SOLR-13984
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public)
>            Reporter: Ishan Chattopadhyaya
>            Priority: Major
>
> To reduce the effect of attacks, esp. RCE, Solr should run inside a
> SecurityManager.
> Quoting Uwe here:
> {quote}
> The correct way to fix all issues we have seen the last time is very simple:
> LET'S RUN SOLR INSIDE A SECURITY MANAGER IN PRODUCTION (like in tests).
> Elasticsearch is doing this, so please please let's do this instead. But this
> requires to finally get rid of the webapplication and start.jar and add our
> own bootstrapping (like in tests) that configure Jetty and Security Manager
> from our own org.apache.solr.bootstrap.Main.java (or similar).
> {quote}
> https://jira.apache.org/jira/browse/SOLR-12316?focusedCommentId=16465038&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16465038
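As an added illustration of the "special case RCE" step proposed in the comment above (example code written for this page, not Solr's or Elasticsearch's own bootstrapping), the following SecurityManager vetoes every attempt to start an OS process while leaving all other permissions untouched. It assumes a JDK on which System.setSecurityManager is still usable (up to Java 17 as-is; Java 18 and later need -Djava.security.manager=allow); the class name and the echo command are constructed for the demo.

```java
import java.io.File;
import java.io.IOException;
import java.security.Permission;

/**
 * Denies process creation only. Runtime.exec delegates to
 * ProcessBuilder.start(), which calls checkExec(prog) before forking,
 * so both entry points hit this single check.
 */
public class NoExecSecurityManager extends SecurityManager {

    // Refuse every process launch and record what was attempted, so a denied
    // attempt is visible in logs rather than silently swallowed.
    @Override
    public void checkExec(String cmd) {
        throw new SecurityException("process execution is disabled; refused: " + cmd);
    }

    // Permit everything else. A real least-privilege policy (file, socket,
    // property access) would be far stricter; this isolates the exec case.
    @Override
    public void checkPermission(Permission perm) {
        // intentionally permissive
    }

    @Override
    public void checkPermission(Permission perm, Object context) {
        // intentionally permissive
    }

    public static void main(String[] args) throws IOException {
        System.setSecurityManager(new NoExecSecurityManager());

        // Filesystem access is unaffected by this manager.
        System.out.println("cwd readable: " + new File(".").canRead());

        // Any exec attempt is rejected before a child process exists.
        try {
            Runtime.getRuntime().exec(new String[] {"echo", "hello"});
            System.out.println("exec succeeded (unexpected)");
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

Running it prints the readable-directory line followed by the "blocked:" message, which is the narrowed guarantee the comment argues for: no OS process can be spawned, while filesystem hardening remains a separate, larger refactoring.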