You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@lucene.apache.org by "Cassandra Targett (Jira)" <ji...@apache.org> on 2020/03/04 20:36:00 UTC
[jira] [Commented] (SOLR-13983) remove or replace process execution
in SystemInfoHandler
[ https://issues.apache.org/jira/browse/SOLR-13983?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17051603#comment-17051603 ]
Cassandra Targett commented on SOLR-13983:
------------------------------------------
[~rcmuir], can this be resolved? It was in the Upgrade Notes in CHANGES.txt that David migrated into the Ref Guide (although not otherwise mentioned in CHANGES.txt), so seems to me like it is done?
> remove or replace process execution in SystemInfoHandler
> --------------------------------------------------------
>
> Key: SOLR-13983
> URL: https://issues.apache.org/jira/browse/SOLR-13983
> Project: Solr
> Issue Type: Improvement
> Reporter: Robert Muir
> Priority: Major
> Attachments: SOLR-13983.patch
>
>
> SystemInfoHandler is the only place in solr code executing processes.
> Since solr is a server/long running process listening to HTTP, ideally process execution could be disabled (e.g. with security manager). But first this code needs to be removed or replaced, so that there is no legitimate use of it:
> {noformat}
> try {
> if (!Constants.WINDOWS) {
> info.add( "uname", execute( "uname -a" ) );
> info.add( "uptime", execute( "uptime" ) );
> }
> } catch( Exception ex ) {
> log.warn("Unable to execute command line tools to get operating system properties.", ex);
> }
> return info;
> {noformat}
> It already looks like its getting data from OS MXbean here, so maybe this logic is simply outdated or not needed. It seems to be "best-effort" anyway. Alternatively similar stuff could be fetched by reading from e.g. /proc file system location if needed.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org