lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Commit Tag Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LUCENE-4632) Restrict test-framework's write permissions more: Only allow write to per-JVM CWD and the clover.db.dir
Date Sun, 16 Dec 2012 01:00:45 GMT

    [ https://issues.apache.org/jira/browse/LUCENE-4632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13533228#comment-13533228
] 

Commit Tag Bot commented on LUCENE-4632:
----------------------------------------

[branch_4x commit] Uwe Schindler
http://svn.apache.org/viewvc?view=revision&revision=1422439

Merged revision(s) 1422437 from lucene/dev/trunk:
LUCENE-4632: Restrict test-framework's write permissions more: Only allow write to per-JVM
CWD and the clover.db.dir; update randomizedtesting to 2.0.6

                
> Restrict test-framework's write permissions more: Only allow write to per-JVM CWD and
the clover.db.dir
> -------------------------------------------------------------------------------------------------------
>
>                 Key: LUCENE-4632
>                 URL: https://issues.apache.org/jira/browse/LUCENE-4632
>             Project: Lucene - Core
>          Issue Type: Improvement
>            Reporter: Uwe Schindler
>            Assignee: Uwe Schindler
>             Fix For: 4.1, 5.0
>
>         Attachments: LUCENE-4632.patch, LUCENE-4632.patch
>
>
> Currently we restring wrting to tests.tempDir after SOLR-4195, but it would be better
to restrict more and only let child JVMs write to their working dir and not outside (and maybe
corrumpt other JVMs).
> The problem with current setup is that the child JVM's policy file does not know the
runner number nor the absolute working directory (it must be absolute and platform-specific
with backslash/slash/... -> new File(".").getAbsolutePath().
> Dawid will release a new Junit4 package with a new sysprop passed to every child with
its full CWD: junit4.childvm.cwd
> In that case the policy file would use this property (and the clover.db.dir) to allow
write access and allow only read/execute access for the rest of the  filesystem.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message