[ https://issues.apache.org/jira/browse/LUCENE-5471?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13914731#comment-13914731 ]
Rick Hillegas commented on LUCENE-5471:
---------------------------------------
Thanks for the help and the discussion so far, Hoss and Uwe.
Attaching a second rev of the SecureLucene test program. This version pares
back the permissions in order to expose the minimal attack surface which I can
configure by myself. Here are the minimal permissions which the test program
grants in order to run successfully under a Java Security Manager:
{noformat}
// permissions granted to Lucene
grant codeBase "file:/Users/rh161140/derby/derby-590/trunk/tools/java/lucene-core-4.5.0.jar"
{
  // permissions for file access, write access only to sandbox:
  permission java.io.FilePermission "<<ALL FILES>>", "read";
  permission java.io.FilePermission "/Users/rh161140/derby/derby-590/luceneTest", "read,write,delete";
  permission java.io.FilePermission "/Users/rh161140/derby/derby-590/luceneTest/-", "read,write,delete";

  // Basic permissions needed for Lucene to work:
  permission java.util.PropertyPermission "user.dir", "read";
  permission java.util.PropertyPermission "sun.arch.data.model", "read";
  permission java.lang.reflect.ReflectPermission "*";
  permission java.lang.RuntimePermission "*";
};

// permissions granted to the application
grant codeBase "file:/Users/rh161140/src/"
{
  // permissions for file access, write access only to sandbox:
  permission java.io.FilePermission "<<ALL FILES>>", "read";
  permission java.io.FilePermission "/Users/rh161140/derby/derby-590/luceneTest", "read,write";
  permission java.io.FilePermission "/Users/rh161140/derby/derby-590/luceneTest/-", "read,write,delete";

  // Basic permissions needed for Lucene to work:
  permission java.util.PropertyPermission "user.dir", "read";
  permission java.util.PropertyPermission "sun.arch.data.model", "read";
};
{noformat}
I have some follow-on comments and questions:
1) Is it really necessary to grant Lucene every RuntimePermission and the
privilege to read every file in the file system? Maybe these grants can be
tightened.
2) I don't understand why the calling application code needs to be granted any
permissions. Maybe some more privilege blocks could be added to the Lucene
code? In particular, it seems a shame that the application has to be granted
the privilege to read every file in the file system.
3) Most of the application permissions are self-revealing. That is, if I omit
one of them, then I get an exception telling me that the permission needs to be
granted. However, that is not the case for the first permission granted to the
application...
permission java.io.FilePermission "<<ALL FILES>>", "read";
...Without that permission, I get the original puzzling exception: "Caused by:
java.lang.IllegalArgumentException: A SPI class of type
org.apache.lucene.codecs.Codec...", which doesn't really tell me what the
problem is. Maybe the wording of that exception could be improved so that the
user can be told that one of its root causes is a failure to grant the
application and Lucene read access to every file in the file system.
Thanks,
-Rick
> Classloader issues when running Lucene under a java SecurityManager
> -------------------------------------------------------------------
>
> Key: LUCENE-5471
> URL: https://issues.apache.org/jira/browse/LUCENE-5471
> Project: Lucene - Core
> Issue Type: Bug
> Affects Versions: 4.5
> Reporter: Rick Hillegas
> Attachments: SecureLucene.java
>
>
> I see the following error when I run Lucene 4.5.0 under a java
> SecurityManager. I will attach a test program which shows this problem. The
> program works fine when a SecurityManager is not installed. But the program
> fails when I install a SecurityManager. Even more puzzling, the program works
> if I first run it without a SecurityManager, then install a SecurityManager,
> then re-run the program, all within the lifetime of a single JVM. I would
> appreciate advice about how to work around this problem:
> Exception in thread "main" java.lang.ExceptionInInitializerError
> at org.apache.lucene.index.LiveIndexWriterConfig.<init>(LiveIndexWriterConfig.java:122)
> at org.apache.lucene.index.IndexWriterConfig.<init>(IndexWriterConfig.java:165)
> at SecureLucene$1.run(SecureLucene.java:129)
> at SecureLucene$1.run(SecureLucene.java:122)
> at java.security.AccessController.doPrivileged(Native Method)
> at SecureLucene.getIndexWriter(SecureLucene.java:120)
> at SecureLucene.runTest(SecureLucene.java:72)
> at SecureLucene.main(SecureLucene.java:52)
> Caused by: java.lang.IllegalArgumentException: A SPI class of type
> org.apache.lucene.codecs.Codec with name 'Lucene45' does not exist. You need
> to add the corresponding JAR file supporting this SPI to your classpath.The
> current classpath supports the following names: []
> at org.apache.lucene.util.NamedSPILoader.lookup(NamedSPILoader.java:109)
> at org.apache.lucene.codecs.Codec.forName(Codec.java:95)
> at org.apache.lucene.codecs.Codec.<clinit>(Codec.java:122)
> ... 8 more
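
A check related to question 1 in the comment above, added here as an example and not part of the original message or of the Lucene project: a small Python audit that parses policy-file grants and lists, per codeBase, the ones that cover every file or every target name of a permission type. The sample policy is constructed with placeholder paths, and the names `audit`, `broad_reason` and `strip_comments` are illustrative.

```python
import re

# Constructed sample modelled on the grants quoted above (placeholder paths).
SAMPLE_POLICY = '''
// permissions granted to Lucene
grant codeBase
"file:/opt/example/lib/lucene-core-4.5.0.jar"
{
  permission java.io.FilePermission "<<ALL FILES>>", "read";
  permission java.io.FilePermission
    "/opt/example/luceneTest/-", "read,write,delete";
  permission java.lang.reflect.ReflectPermission "*";
  permission java.lang.RuntimePermission "*";
};
grant codeBase "file:/opt/example/src/" {
  permission java.io.FilePermission "<<ALL FILES>>", "read";
  permission java.util.PropertyPermission "user.dir", "read";
};
'''

COMMENT_RE = re.compile(r'"[^"]*"|//[^\n]*|/\*.*?\*/', re.S)
GRANT_RE = re.compile(r'\bgrant\b((?:"[^"]*"|[^{"])*)\{((?:"[^"]*"|[^}"])*)\}\s*;')
CODEBASE_RE = re.compile(r'codeBase\s+"([^"]*)"', re.I)
PERM_RE = re.compile(r'\bpermission\s+([\w.$]+)(?:\s+"([^"]*)")?')

def strip_comments(text):
    # Remove // and /* */ comments, keeping quoted strings such as file:// URLs.
    return COMMENT_RE.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else ' ', text)

def broad_reason(cls, target):
    # Why a grant is broad, or None when it names a specific target.
    if cls == 'java.security.AllPermission':
        return 'grants every permission'
    if cls == 'java.io.FilePermission':
        return 'covers every file' if target == '<<ALL FILES>>' else None
    return 'wildcard matches every target name' if target == '*' else None

def audit(policy_text):
    # Return (codeBase, permission class, target, reason) for each broad grant.
    findings = []
    for header, body in GRANT_RE.findall(strip_comments(policy_text)):
        cb = CODEBASE_RE.search(header)
        codebase = cb.group(1) if cb else '<all code>'
        for cls, target in PERM_RE.findall(body):
            if (reason := broad_reason(cls, target)):
                findings.append((codebase, cls, target, reason))
    return findings
if __name__ == '__main__':
    print('\n'.join('%s: %s "%s" -> %s' % f for f in audit(SAMPLE_POLICY)))
```

Run against a real policy file by passing its text to `audit`; sandbox-scoped grants such as the `luceneTest/-` entry are not reported.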