Posted to issues@lucene.apache.org by "Robert Muir (Jira)" <ji...@apache.org> on 2019/12/05 06:18:00 UTC

[jira] [Created] (SOLR-14018) sandbox velocity into oblivion

Robert Muir created SOLR-14018:
----------------------------------

             Summary: sandbox velocity into oblivion
                 Key: SOLR-14018
                 URL: https://issues.apache.org/jira/browse/SOLR-14018
             Project: Solr
          Issue Type: Improvement
      Security Level: Public (Default Security Level. Issues are Public)
            Reporter: Robert Muir


Followup to SOLR-19993.

The thing has too many read permissions now. It is due to my hacky first stab at the thing. Instead of wrapping the whole block of code in a sandbox, we should go a little deeper. There are two things:
* Script "engine" (with all the shit needed to compile and run the script)
* Script compiled code (stuff from the luser that we definitely do not trust)

If we can split the permissions into these two, then the second one has no permissions and can't mess around as much.

It just takes wrestling, tests, and time.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
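
The split described in the message above, sketched with the JDK's `AccessControlContext` as an added example; it is not Solr's code and not part of the original issue. It assumes a JDK that still supports the Security Manager API (Java 8 through 17 era), and the class name, template directory and file names are constructed for illustration.

```java
import java.io.FilePermission;
import java.security.*;

public class SplitSandboxDemo {
    // Hypothetical template directory, constructed for this example.
    static final String TEMPLATE_DIR = "/opt/solr/conf/velocity";

    // Wrap a permission set in a context holding one static ProtectionDomain.
    static AccessControlContext contextOf(PermissionCollection perms) {
        return new AccessControlContext(
            new ProtectionDomain[] { new ProtectionDomain(null, perms) });
    }

    // "Engine" side: may read templates under TEMPLATE_DIR, nothing else.
    static AccessControlContext engineContext() {
        Permissions p = new Permissions();
        p.add(new FilePermission(TEMPLATE_DIR + "/-", "read"));
        return contextOf(p);
    }

    // "Compiled script" side: empty permission set.
    static AccessControlContext scriptContext() {
        return contextOf(new Permissions());
    }

    // True if the given context would grant the permission.
    static boolean allowed(AccessControlContext ctx, Permission perm) {
        try {
            ctx.checkPermission(perm);
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        Permission readTemplate = new FilePermission(TEMPLATE_DIR + "/example.vm", "read");
        Permission readPasswd = new FilePermission("/etc/passwd", "read");
        System.out.println("engine reads template:    " + allowed(engineContext(), readTemplate));
        System.out.println("engine reads /etc/passwd: " + allowed(engineContext(), readPasswd));
        System.out.println("script reads template:    " + allowed(scriptContext(), readTemplate));

        // With a SecurityManager installed, untrusted code invoked this way is
        // checked against scriptContext() intersected with the caller's own domain.
        String out = AccessController.doPrivileged(
            (PrivilegedAction<String>) () -> "rendered", scriptContext());
        System.out.println("script result: " + out);
    }
}
```

The permission checks are evaluated directly on each context, so the difference between the two sides is visible even without a Security Manager installed; enforcement of the `doPrivileged` call depends on one being active.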