You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@lucene.apache.org by "Robert Muir (Jira)" <ji...@apache.org> on 2019/12/02 22:11:01 UTC
[jira] [Created] (SOLR-13993) sandbox velocity template render
Robert Muir created SOLR-13993:
----------------------------------
Summary: sandbox velocity template render
Key: SOLR-13993
URL: https://issues.apache.org/jira/browse/SOLR-13993
Project: Solr
Issue Type: Improvement
Security Level: Public (Default Security Level. Issues are Public)
Reporter: Robert Muir
This thing seems dangerous :)
Making the whole solr secure is a whole nother thing: (see e.g. SOLR-13991 and we haven't even gotten started). Its pretty difficult to convert whole large app to work securely. It is going to take time.
In the meantime, if we have things that might do something dangerous, and security manager is enabled, we can put them into a special little sandbox and throw away the key: for example we can intentionally discard permissions we don't need so they can't launch stuff, if we really don't trust them, we can start filtering what classes classloader will load.
This isn't that crazy at all to do, e.g. your web browser does similar tricks to try to sandbox specific parts that might do something unexpected and cause security issue.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org