You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@lucene.apache.org by "Robert Muir (Jira)" <ji...@apache.org> on 2019/12/02 22:11:01 UTC

[jira] [Created] (SOLR-13993) sandbox velocity template render

Robert Muir created SOLR-13993:
----------------------------------

             Summary: sandbox velocity template render
                 Key: SOLR-13993
                 URL: https://issues.apache.org/jira/browse/SOLR-13993
             Project: Solr
          Issue Type: Improvement
      Security Level: Public (Default Security Level. Issues are Public)
            Reporter: Robert Muir


This thing seems dangerous :)

Making the whole solr secure is a whole nother thing: (see e.g. SOLR-13991 and we haven't even gotten started). Its pretty difficult to convert whole large app to work securely. It is going to take time.

In the meantime, if we have things that might do something dangerous, and security manager is enabled, we can put them into a special little sandbox and throw away the key: for example we can intentionally discard permissions we don't need so they can't launch stuff, if we really don't trust them, we can start filtering what classes classloader will load.

This isn't that crazy at all to do, e.g. your web browser does similar tricks to try to sandbox specific parts that might do something unexpected and cause security issue.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org