From bc5f837344a32b7795bd1d727251e639b33056c0 Mon Sep 17 00:00:00 2001 From: Marcus Date: Wed, 5 Feb 2020 16:17:55 -0800 Subject: [PATCH] SOLR-14147 change the Security manager to default to true. (#1141) * change the Security manager to default. * update the ref-guide. * uncomment init scripts update changes. * changed the ref guide and re-commented file. * remove added comment. * modified shell script. * removed comment in windows file. Signed-off-by: marcussorealheis * bashism and fix windows * remove space Signed-off-by: marcussorealheis --- solr/CHANGES.txt | 4 +++- solr/bin/solr | 10 +++++----- solr/bin/solr.cmd | 6 +++++- solr/bin/solr.in.cmd | 3 ++- solr/bin/solr.in.sh | 2 +- solr/solr-ref-guide/src/securing-solr.adoc | 4 ---- 6 files changed, 16 insertions(+), 13 deletions(-) diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt index f7269482469..ef1d88eff75 100644 --- a/solr/CHANGES.txt +++ b/solr/CHANGES.txt @@ -81,7 +81,9 @@ Upgrade Notes * SOLR-13985: Solr's Jetty now binds to localhost network interface by default for better out of the box security. Administrators that need Solr exposed more broadly can change the SOLR_JETTY_HOST property in their Solr include (solr.in.sh/solr.in.cmd) file. (Jason Gerlowski, David Smiley, Robert Muir) - + +* SOLR-14147: Solr now runs with the java security manager enabled by default. Administrators that need to run Solr with Hadoop will need to disable this feature by setting SOLR_SECURITY_MANAGER=false in the environment or in one of the Solr init scripts. Other features in Solr could also break. (Robert Muir, marcussorealheis) + Improvements ---------------------- diff --git a/solr/bin/solr b/solr/bin/solr index df068d503a9..2dfef33e272 100755 --- a/solr/bin/solr +++ b/solr/bin/solr @@ -2086,12 +2086,12 @@ else REMOTE_JMX_OPTS=() fi -# Enable java security manager (limiting filesystem access and other things) -if [ "$SOLR_SECURITY_MANAGER_ENABLED" == "true" ]; then +# Enable java security manager (allowing filesystem access and other things) +if [ "${SOLR_SECURITY_MANAGER_ENABLED:-true}" == "true" ]; then SECURITY_MANAGER_OPTS=('-Djava.security.manager' \ - "-Djava.security.policy=${SOLR_SERVER_DIR}/etc/security.policy" \ - "-Djava.security.properties=${SOLR_SERVER_DIR}/etc/security.properties" \ - '-Dsolr.internal.network.permission=*') + "-Djava.security.policy=${SOLR_SERVER_DIR}/etc/security.policy" \ + "-Djava.security.properties=${SOLR_SERVER_DIR}/etc/security.properties" \ + '-Dsolr.internal.network.permission=*') else SECURITY_MANAGER_OPTS=() fi diff --git a/solr/bin/solr.cmd b/solr/bin/solr.cmd index 0de643f4d06..2f28bd68e0a 100755 --- a/solr/bin/solr.cmd +++ b/solr/bin/solr.cmd @@ -1187,7 +1187,11 @@ IF "%ENABLE_REMOTE_JMX_OPTS%"=="true" ( set REMOTE_JMX_OPTS= ) -REM Enable java security manager (limiting filesystem access and other things) +REM Enable java security manager by default (limiting filesystem access and other things) +IF NOT DEFINED SOLR_SECURITY_MANAGER_ENABLED ( + set SOLR_SECURITY_MANAGER_ENABLED=true +) + IF "%SOLR_SECURITY_MANAGER_ENABLED%"=="true" ( set SECURITY_MANAGER_OPTS=-Djava.security.manager ^ -Djava.security.policy="%SOLR_SERVER_DIR%\etc\security.policy" ^ diff --git a/solr/bin/solr.in.cmd b/solr/bin/solr.in.cmd index 5a87f5f7bc8..cc85100170e 100755 --- a/solr/bin/solr.in.cmd +++ b/solr/bin/solr.in.cmd @@ -17,6 +17,7 @@ @echo off REM Settings here will override settings in existing env vars or in bin/solr. The default shipped state + REM of this file is completely commented. REM By default the script will use JAVA_HOME to determine which java @@ -197,4 +198,4 @@ REM Runs solr in a java security manager sandbox. This can protect against some REM Runtime properties are passed to the security policy file (server\etc\security.policy) REM You can also tweak via standard JDK files such as ~\.java.policy, see https://s.apache.org/java8policy REM This is experimental! It may not work at all with Hadoop/HDFS features. -REM set SOLR_SECURITY_MANAGER_ENABLED=false +REM set SOLR_SECURITY_MANAGER_ENABLED=true \ No newline at end of file diff --git a/solr/bin/solr.in.sh b/solr/bin/solr.in.sh index 58227a8e8cb..412c7a4573b 100644 --- a/solr/bin/solr.in.sh +++ b/solr/bin/solr.in.sh @@ -229,4 +229,4 @@ # Runtime properties are passed to the security policy file (server/etc/security.policy) # You can also tweak via standard JDK files such as ~/.java.policy, see https://s.apache.org/java8policy # This is experimental! It may not work at all with Hadoop/HDFS features. -#SOLR_SECURITY_MANAGER_ENABLED=false +#SOLR_SECURITY_MANAGER_ENABLED=true diff --git a/solr/solr-ref-guide/src/securing-solr.adoc b/solr/solr-ref-guide/src/securing-solr.adoc index 783f563e95d..30d4820e35d 100644 --- a/solr/solr-ref-guide/src/securing-solr.adoc +++ b/solr/solr-ref-guide/src/securing-solr.adoc @@ -79,7 +79,6 @@ SOLR_IP_BLACKLIST="192.168.0.3, 192.168.0.4" ZooKeeper is a central and important part of a SolrCloud cluster and understanding how to secure its content is covered in the <> page. - == Network Configuration // tag::security-network-binding-1[] @@ -95,6 +94,3 @@ It is also strongly recommended that Solr listen to only those network interface ---- // end::security-network-binding-1[] -== Enable Security Manager - -Solr can run in a Java Security Manager sandbox by setting `SOLR_SECURITY_MANAGER_ENABLED=true` via environment variable or in `solr.in.sh`/`solr.in.cmd`. This feature is incompatible with Hadoop.