lucene-dev mailing list archives

From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (LUCENE-5471) Classloader issues when running Lucene under a java SecurityManager
Date Sat, 01 Mar 2014 21:59:19 GMT

    [ https://issues.apache.org/jira/browse/LUCENE-5471?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13917204#comment-13917204 ]

Rick Hillegas edited comment on LUCENE-5471 at 3/1/14 9:58 PM:
---------------------------------------------------------------

Attaching a third version of SecureLucene.java. I have wrapped a privilege block around the
application's Lucene calls and pruned some more permissions. This significantly reduces the
attack surface.

At this point, I do not need to grant Lucene any runtime or reflection permissions and I do
not need to grant Lucene read access to all of the files in the file system. I do not need
to grant the application read access to all files in the file system, either. It turns out
that Codec loading simply depends on the ability to read the Lucene core jar file.

Here are the reduced permissions which I need to grant:

{noformat}
grant codeBase "file:/Users/rh161140/derby/derby-590/trunk/tools/java/lucene-core-4.5.0.jar"
{
  // permissions for file access, write access only to sandbox:
  permission java.io.FilePermission "/Users/rh161140/derby/derby-590/luceneTest", "read,write,delete";
  permission java.io.FilePermission "/Users/rh161140/derby/derby-590/luceneTest/-", "read,write,delete";
  
  // Basic permissions needed for Lucene to work:
  permission java.util.PropertyPermission "user.dir", "read";
  permission java.util.PropertyPermission "sun.arch.data.model", "read";
};

grant codeBase "file:/Users/rh161140/src/"
{
  // permissions for file access, write access only to sandbox:
  permission java.io.FilePermission "/Users/rh161140/derby/derby-590/trunk/tools/java/lucene-core-4.5.0.jar", "read";
  permission java.io.FilePermission "/Users/rh161140/derby/derby-590/luceneTest", "read,write";
  permission java.io.FilePermission "/Users/rh161140/derby/derby-590/luceneTest/-", "read,write,delete";
  
  // Basic permissions needed for Lucene to work:
  permission java.util.PropertyPermission "user.dir", "read";
  permission java.util.PropertyPermission "sun.arch.data.model", "read";
};
{noformat}




> Classloader issues when running Lucene under a java SecurityManager
> -------------------------------------------------------------------
>
>                 Key: LUCENE-5471
>                 URL: https://issues.apache.org/jira/browse/LUCENE-5471
>             Project: Lucene - Core
>          Issue Type: Bug
>    Affects Versions: 4.5
>            Reporter: Rick Hillegas
>         Attachments: SecureLucene.java, SecureLucene.java
>
>
> I see the following error when I run Lucene 4.5.0 under a java SecurityManager. I will attach a test program which shows this problem. The program works fine when a SecurityManager is not installed. But the program fails when I install a SecurityManager. Even more puzzling, the program works if I first run it without a SecurityManager, then install a SecurityManager, then re-run the program, all within the lifetime of a single JVM. I would appreciate advice about how to work around this problem:
> Exception in thread "main" java.lang.ExceptionInInitializerError
> 	at org.apache.lucene.index.LiveIndexWriterConfig.<init>(LiveIndexWriterConfig.java:122)
> 	at org.apache.lucene.index.IndexWriterConfig.<init>(IndexWriterConfig.java:165)
> 	at SecureLucene$1.run(SecureLucene.java:129)
> 	at SecureLucene$1.run(SecureLucene.java:122)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at SecureLucene.getIndexWriter(SecureLucene.java:120)
> 	at SecureLucene.runTest(SecureLucene.java:72)
> 	at SecureLucene.main(SecureLucene.java:52)
> Caused by: java.lang.IllegalArgumentException: A SPI class of type org.apache.lucene.codecs.Codec with name 'Lucene45' does not exist. You need to add the corresponding JAR file supporting this SPI to your classpath.The current classpath supports the following names: []
> 	at org.apache.lucene.util.NamedSPILoader.lookup(NamedSPILoader.java:109)
> 	at org.apache.lucene.codecs.Codec.forName(Codec.java:95)
> 	at org.apache.lucene.codecs.Codec.<clinit>(Codec.java:122)
> 	... 8 more



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org

