Posted to issues@solr.apache.org by "Noble Paul (Jira)" <ji...@apache.org> on 2023/05/02 13:48:00 UTC

[jira] [Comment Edited] (SOLR-16777) Schema Designer blindly "trusts" potentially malicious configset

    [ https://issues.apache.org/jira/browse/SOLR-16777?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17718575#comment-17718575 ] 

Noble Paul edited comment on SOLR-16777 at 5/2/23 1:47 PM:
-----------------------------------------------------------

Security is not optional. Unsafe features should be removed as and when we find them.

 

I don't think this makes schema designer unusable at all. This is an extremely obscure feature that's carried forward from non-cloud Solr.


was (Author: noble.paul):
Security is not optional. Unsafe features should be removed as and when we find them.

> Schema Designer blindly "trusts" potentially malicious configset
> ----------------------------------------------------------------
>
>                 Key: SOLR-16777
>                 URL: https://issues.apache.org/jira/browse/SOLR-16777
>             Project: Solr
>          Issue Type: Bug
>    Affects Versions: 9.0, 8.10, 8.11.2, 9.1, 9.2, 9.1.1
>            Reporter: Ishan Chattopadhyaya
>            Assignee: Ishan Chattopadhyaya
>            Priority: Blocker
>             Fix For: 9.2.2
>
>         Attachments: SOLR-16777.patch
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> When the configset API is used to upload configsets by unauthenticated users, a "trusted: false" flag is set on the configset. Such configsets cannot use the <lib> directive to load classes while creating/loading collections. Details here: https://solr.apache.org/guide/8_10/configsets-api.html#configsets-upload
> Unfortunately, this safety mechanism was bypassed in the schema designer when isConfigsetTrusted was hardcoded to true. [https://github.com/apache/solr/blob/branch_9_1/solr/core/src/java/org/apache/solr/handler/designer/SchemaDesignerConfigSetHelper.java#L697]
>  
> As per Skay's report (https://twitter.com/Skay_00/status/1646870062601756672), remote code execution is possible in unsecured Solr clusters where authentication hasn't been enabled. This ticket is to mitigate one aspect of that, i.e. the schema designer vulnerability. While our recommendation to all users remains the same, i.e. to secure Solr installations with authentication and authorization, I thank Skay for his detailed report.



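The trust gate described in the ticket, and what hardcoding the flag does to it, as an added Python model that is not Solr's code and not the attached patch. All function names, the sample config and the idea of passing the stored flag as a parameter are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a solrconfig.xml fragment that uses a <lib> directive.
SAMPLE_SOLRCONFIG = """<config>
  <luceneMatchVersion>9.2</luceneMatchVersion>
  <lib dir="/tmp/uploaded" regex=".*\\.jar"/>
  <requestHandler name="/select" class="solr.SearchHandler"/>
</config>"""


class UntrustedConfigError(Exception):
    """Raised when an untrusted configset asks to load classes via <lib>."""


def lib_directives(solrconfig_xml):
    """Return the attributes of every <lib> element found in the config."""
    # Uploaded XML is attacker-controlled: refuse DTDs before parsing.
    if "<!DOCTYPE" in solrconfig_xml:
        raise ValueError("DOCTYPE declarations are not accepted")
    root = ET.fromstring(solrconfig_xml)
    return [dict(el.attrib) for el in root.iter("lib")]


def load_config(solrconfig_xml, trusted):
    """Hypothetical loader: <lib> is honoured only for trusted configsets."""
    libs = lib_directives(solrconfig_xml)
    if libs and not trusted:
        raise UntrustedConfigError(
            "untrusted configset uses <lib>: %r" % libs)
    return libs


def designer_load_hardcoded(solrconfig_xml, stored_trusted):
    """Bug pattern from the ticket: the stored flag is never consulted."""
    return load_config(solrconfig_xml, trusted=True)


def designer_load_checked(solrconfig_xml, stored_trusted):
    """One way to honour the flag: pass through what upload recorded."""
    return load_config(solrconfig_xml, trusted=stored_trusted)
```

With the hardcoded variant, a configset uploaded with "trusted: false" still gets its `<lib>` entries accepted; the checked variant raises before any class loading would happen.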