[
https://issues.apache.org/jira/browse/SOLR-4882?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Uwe Schindler updated SOLR-4882:
--------------------------------
Attachment: (was: SOLR-4882-fix.patch)
> Restrict SolrResourceLoader to only classloader accessible files and instance
> dir
> ---------------------------------------------------------------------------------
>
> Key: SOLR-4882
> URL: https://issues.apache.org/jira/browse/SOLR-4882
> Project: Solr
> Issue Type: Improvement
> Affects Versions: 4.3
> Reporter: Uwe Schindler
> Assignee: Uwe Schindler
> Labels: security
> Fix For: 4.6, 5.0
>
> Attachments: SOLR-4882.patch, SOLR-4882.patch, SOLR-4882.patch
>
>
> SolrResourceLoader currently allows to load files from any
> absolute/CWD-relative path, which is used as a fallback if the resource
> cannot be looked up via the class loader.
> We should limit this fallback to sub-dirs below the instanceDir passed into
> the ctor. The CWD special case should be removed, too (the virtual CWD is
> instance's config or root dir).
> The reason for this is security related. Some Solr components allow to pass
> in resource paths via REST parameters (e.g. XSL stylesheets, velocity
> templates,...) and load them via resource loader. By this it is possible to
> limit the whole thing to
> not allow loading e.g. /etc/passwd as a stylesheet.
> In 4.4 we should add a solrconfig.xml setting to enable the old behaviour,
> but disable it by default, if your existing installation requires the files
> from outside the instance dir which are not available via the URLClassLoader
> used internally. In Lucene 5.0 we should not support this anymore.
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
