[jira] [Updated] (SOLR-13993) sandbox velocity template render
[ https://issues.apache.org/jira/browse/SOLR-13993?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Muir updated SOLR-13993: --- Attachment: SOLR-13993.patch > sandbox velocity template render > > > Key: SOLR-13993 > URL: https://issues.apache.org/jira/browse/SOLR-13993 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) >Reporter: Robert Muir >Priority: Major > Attachments: SOLR-13993.patch, SOLR-13993.patch, SOLR-13993.patch, > SOLR-13993.patch > > > This thing seems dangerous :) > Making the whole solr secure is a whole nother thing: (see e.g. SOLR-13991 > and we haven't even gotten started). Its pretty difficult to convert whole > large app to work securely. It is going to take time. > In the meantime, if we have things that might do something dangerous, and > security manager is enabled, we can put them into a special little sandbox > and throw away the key: for example we can intentionally discard permissions > we don't need so they can't launch stuff, if we really don't trust them, we > can start filtering what classes classloader will load. > This isn't that crazy at all to do, e.g. your web browser does similar tricks > to try to sandbox specific parts that might do something unexpected and cause > security issue. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Updated] (SOLR-13993) sandbox velocity template render
[ https://issues.apache.org/jira/browse/SOLR-13993?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Muir updated SOLR-13993: --- Attachment: SOLR-13993.patch > sandbox velocity template render > > > Key: SOLR-13993 > URL: https://issues.apache.org/jira/browse/SOLR-13993 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) >Reporter: Robert Muir >Priority: Major > Attachments: SOLR-13993.patch, SOLR-13993.patch, SOLR-13993.patch > > > This thing seems dangerous :) > Making the whole solr secure is a whole nother thing: (see e.g. SOLR-13991 > and we haven't even gotten started). Its pretty difficult to convert whole > large app to work securely. It is going to take time. > In the meantime, if we have things that might do something dangerous, and > security manager is enabled, we can put them into a special little sandbox > and throw away the key: for example we can intentionally discard permissions > we don't need so they can't launch stuff, if we really don't trust them, we > can start filtering what classes classloader will load. > This isn't that crazy at all to do, e.g. your web browser does similar tricks > to try to sandbox specific parts that might do something unexpected and cause > security issue. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Updated] (SOLR-13993) sandbox velocity template render
[ https://issues.apache.org/jira/browse/SOLR-13993?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Erik Hatcher updated SOLR-13993: Attachment: SOLR-13993.patch > sandbox velocity template render > > > Key: SOLR-13993 > URL: https://issues.apache.org/jira/browse/SOLR-13993 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) >Reporter: Robert Muir >Priority: Major > Attachments: SOLR-13993.patch > > > This thing seems dangerous :) > Making the whole solr secure is a whole nother thing: (see e.g. SOLR-13991 > and we haven't even gotten started). Its pretty difficult to convert whole > large app to work securely. It is going to take time. > In the meantime, if we have things that might do something dangerous, and > security manager is enabled, we can put them into a special little sandbox > and throw away the key: for example we can intentionally discard permissions > we don't need so they can't launch stuff, if we really don't trust them, we > can start filtering what classes classloader will load. > This isn't that crazy at all to do, e.g. your web browser does similar tricks > to try to sandbox specific parts that might do something unexpected and cause > security issue. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
