You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucene.apache.org by rm...@apache.org on 2019/12/05 20:09:16 UTC
[lucene-solr] branch branch_8x updated: SOLR-14020: move hadoop
hacks out of lucene TestSecurityManager into a solr one
This is an automated email from the ASF dual-hosted git repository.
rmuir pushed a commit to branch branch_8x
in repository https://gitbox.apache.org/repos/asf/lucene-solr.git
The following commit(s) were added to refs/heads/branch_8x by this push:
new 0cd302d SOLR-14020: move hadoop hacks out of lucene TestSecurityManager into a solr one
0cd302d is described below
commit 0cd302d7b7d8d144877ee0afaa080024654b22da
Author: Robert Muir <rm...@apache.org>
AuthorDate: Thu Dec 5 14:53:23 2019 -0500
SOLR-14020: move hadoop hacks out of lucene TestSecurityManager into a solr one
---
.../apache/lucene/util/TestSecurityManager.java | 87 ----------------------
solr/common-build.xml | 7 +-
.../org/apache/solr/util/SolrSecurityManager.java | 13 ++--
3 files changed, 13 insertions(+), 94 deletions(-)
diff --git a/lucene/test-framework/src/java/org/apache/lucene/util/TestSecurityManager.java b/lucene/test-framework/src/java/org/apache/lucene/util/TestSecurityManager.java
index ee2e382..99c6270 100644
--- a/lucene/test-framework/src/java/org/apache/lucene/util/TestSecurityManager.java
+++ b/lucene/test-framework/src/java/org/apache/lucene/util/TestSecurityManager.java
@@ -41,93 +41,6 @@ public final class TestSecurityManager extends SecurityManager {
super();
}
- // TODO: move this stuff into a Solr (non-test) SecurityManager!
- /**
- * {@inheritDoc}
- * <p>This method implements hacks to workaround hadoop's garbage Shell and FileUtil code
- */
- @Override
- public void checkExec(String cmd) {
- // NOTE: it would be tempting to just allow anything from hadoop's Shell class, but then
- // that would just give an easy vector for RCE (use hadoop Shell instead of e.g. ProcessBuilder)
- // so we whitelist actual caller impl methods instead.
- for (StackTraceElement element : Thread.currentThread().getStackTrace()) {
- // hadoop insists on shelling out to get the user's supplementary groups?
- if ("org.apache.hadoop.security.ShellBasedUnixGroupsMapping".equals(element.getClassName()) &&
- "getGroups".equals(element.getMethodName())) {
- return;
- }
- // hadoop insists on shelling out to parse 'df' command instead of using FileStore?
- if ("org.apache.hadoop.fs.DF".equals(element.getClassName()) &&
- "getFilesystem".equals(element.getMethodName())) {
- return;
- }
- // hadoop insists on shelling out to parse 'du' command instead of using FileStore?
- if ("org.apache.hadoop.fs.DU".equals(element.getClassName()) &&
- "refresh".equals(element.getMethodName())) {
- return;
- }
- // hadoop insists on shelling out to parse 'ls' command instead of java nio apis?
- if ("org.apache.hadoop.util.DiskChecker".equals(element.getClassName()) &&
- "checkDir".equals(element.getMethodName())) {
- return;
- }
- // hadoop insists on shelling out to parse 'stat' command instead of Files.getAttributes?
- if ("org.apache.hadoop.fs.HardLink".equals(element.getClassName()) &&
- "getLinkCount".equals(element.getMethodName())) {
- return;
- }
- // hadoop "canExecute" method doesn't handle securityexception and fails completely.
- // so, lie to it, and tell it we will happily execute, so it does not crash.
- if ("org.apache.hadoop.fs.FileUtil".equals(element.getClassName()) &&
- "canExecute".equals(element.getMethodName())) {
- return;
- }
- }
- super.checkExec(cmd);
- }
-
- /**
- * {@inheritDoc}
- * <p>This method implements hacks to workaround hadoop's garbage FileUtil code
- */
- @Override
- public void checkWrite(String file) {
- for (StackTraceElement element : Thread.currentThread().getStackTrace()) {
- // hadoop "canWrite" method doesn't handle securityexception and fails completely.
- // so, lie to it, and tell it we will happily write, so it does not crash.
- if ("org.apache.hadoop.fs.FileUtil".equals(element.getClassName()) &&
- "canWrite".equals(element.getMethodName())) {
- return;
- }
- }
- super.checkWrite(file);
- }
-
- /**
- * {@inheritDoc}
- * <p>This method implements hacks to workaround hadoop's garbage FileUtil code
- */
- @Override
- public void checkRead(String file) {
- for (StackTraceElement element : Thread.currentThread().getStackTrace()) {
- // hadoop "createPermissionsDiagnosisString" method doesn't handle securityexception and fails completely.
- // it insists on climbing up full directory tree!
- // so, lie to it, and tell it we will happily read, so it does not crash.
- if ("org.apache.hadoop.hdfs.MiniDFSCluster".equals(element.getClassName()) &&
- "createPermissionsDiagnosisString".equals(element.getMethodName())) {
- return;
- }
- // hadoop "canRead" method doesn't handle securityexception and fails completely.
- // so, lie to it, and tell it we will happily read, so it does not crash.
- if ("org.apache.hadoop.fs.FileUtil".equals(element.getClassName()) &&
- "canRead".equals(element.getMethodName())) {
- return;
- }
- }
- super.checkRead(file);
- }
-
/**
* {@inheritDoc}
* <p>This method inspects the stack trace and checks who is calling
diff --git a/solr/common-build.xml b/solr/common-build.xml
index 24e7d9c..8b513b6 100644
--- a/solr/common-build.xml
+++ b/solr/common-build.xml
@@ -152,7 +152,12 @@
</sequential>
</macrodef>
- <!--
+ <!-- turn on security manager? -->
+ <condition property="java.security.manager" value="org.apache.solr.util.SolrSecurityManager">
+ <istrue value="${tests.useSecurityManager}"/>
+ </condition>
+
+ <!--
We don't want to run HDFS tests on Windows by default, because they require Cygwin.
Cygwin users can explicitly set -Dtests.disableHdfs=false to enable Hdfs related testing.
-->
diff --git a/lucene/test-framework/src/java/org/apache/lucene/util/TestSecurityManager.java b/solr/test-framework/src/java/org/apache/solr/util/SolrSecurityManager.java
similarity index 95%
copy from lucene/test-framework/src/java/org/apache/lucene/util/TestSecurityManager.java
copy to solr/test-framework/src/java/org/apache/solr/util/SolrSecurityManager.java
index ee2e382..60411f0 100644
--- a/lucene/test-framework/src/java/org/apache/lucene/util/TestSecurityManager.java
+++ b/solr/test-framework/src/java/org/apache/solr/util/SolrSecurityManager.java
@@ -14,30 +14,31 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.lucene.util;
+package org.apache.solr.util;
import java.security.AccessController;
import java.security.PrivilegedAction;
/**
- * A {@link SecurityManager} that prevents tests calling {@link System#exit(int)}.
+ * A {@link SecurityManager} that prevents tests calling {@link System#exit(int)},
+ * and implements some hacks for hadoop.
* Only the test runner itself is allowed to exit the JVM.
* All other security checks are handled by the default security policy.
* <p>
- * Use this with {@code -Djava.security.manager=org.apache.lucene.util.TestSecurityManager}.
+ * Use this with {@code -Djava.security.manager=org.apache.solr.util.SolrSecurityManager}.
*/
-public final class TestSecurityManager extends SecurityManager {
+public final class SolrSecurityManager extends SecurityManager {
static final String JUNIT4_TEST_RUNNER_PACKAGE = "com.carrotsearch.ant.tasks.junit4.";
static final String ECLIPSE_TEST_RUNNER_PACKAGE = "org.eclipse.jdt.internal.junit.runner.";
static final String IDEA_TEST_RUNNER_PACKAGE = "com.intellij.rt.execution.junit.";
/**
- * Creates a new TestSecurityManager. This ctor is called on JVM startup,
+ * Creates a new SolrSecurityManager. This ctor is called on JVM startup,
* when {@code -Djava.security.manager=org.apache.lucene.util.TestSecurityManager}
* is passed to JVM.
*/
- public TestSecurityManager() {
+ public SolrSecurityManager() {
super();
}