janhoy commented on code in PR #2712: URL: https://github.com/apache/solr/pull/2712#discussion_r1802073770
########## gradle/testing/randomization/policies/solr-tests.policy: ########## @@ -109,6 +109,8 @@ grant { permission java.lang.RuntimePermission "writeFileDescriptor"; // needed by hadoop http permission java.lang.RuntimePermission "getProtectionDomain"; + // SolrProcessMgr to list processes + permission java.lang.RuntimePermission "manageProcess";

Review Comment: Note that we need to grant "manageProcess" permission only for tests, since tests run under the security manager and list and spawn processes. But the only current use of SolrProcessManager is from StatusTool, which runs in SolrCLI, which is not invoked with security manager. If we want Solr's runtime to use SolrProcessManager in the future, we'd need to add this permission to `security.policy` as well. Not doing that since it would grant a potential attacker the right to not only list processes started by other users, but also terminate them.
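Review bot: the inline comment on the added lines, `// SolrProcessMgr to list processes`, understates what is being granted and abbreviates the class name. According to the accompanying review comment, "manageProcess" covers terminating processes as well as listing them, and the grant is intended for tests only. Suggest spelling out SolrProcessManager in the policy comment and stating there that the permission is test-only and is deliberately not added to `security.policy`, so a later reader does not copy the grant into the runtime policy.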