risdenk commented on PR #1044: URL: https://github.com/apache/solr/pull/1044#issuecomment-1274956428
wow so I tracked this down to a potentially really ugly security policy bug... https://github.com/apache/solr/blob/main/solr/server/etc/security.policy#L199 ``` permission java.io.FilePermission "${solr.data.home}", "read,write,delete,readlink"; permission java.io.FilePermission "${solr.data.home}${/}-", "read,write,delete,readlink"; ``` `solr.data.home` is set to `""` which as far as I can tell means allow read under `/`. I found this by adding `-a "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=*:5005" -Djava.security.debug=access,policy` to the `test_modules.bats` when I commented out the `solr.data.home` line Solr fails to start since it can't read/write temp files. I added in ``` // tmpdir permission java.io.FilePermission "${java.io.tmpdir}", "read,write"; permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete"; ``` and this reproduces what SOLR-16433 said it would. So `solr.data.home` needs to be set or we need to figure out how to unset it completely to ensure that the security policy doesn't think `""` is ok. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
