You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@lucene.apache.org by "Robert Muir (Jira)" <ji...@apache.org> on 2019/12/05 06:18:00 UTC
[jira] [Created] (SOLR-14018) sandbox velocity into oblivion
Robert Muir created SOLR-14018:
----------------------------------
Summary: sandbox velocity into oblivion
Key: SOLR-14018
URL: https://issues.apache.org/jira/browse/SOLR-14018
Project: Solr
Issue Type: Improvement
Security Level: Public (Default Security Level. Issues are Public)
Reporter: Robert Muir
followup to SOLR-19993.
The thing has too many read permissions now. it is due to my hacky first stab at the thing. instead of wrapping the whole block of code in a sandbox, we should go a little deeper, there are two things:
* Script "engine" (with all the shit needed to compile and run the script)
* Script compiled code (stuff from the luser that we definitely do not trust)
If we can split the permissions into these two, then the second one has no permissions and can't mess around as much.
It just takes wrestling, tests, and time.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org