dbmdz/solr-ocrhighlighting

disable SOLR security manager

atomotic opened this issue · 2 comments

I have been testing the latest plugin with solr-9.4 and I have noticed that it cannot read ocr files, throwing a java.io.FilePermission exception.

solr-1  | Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/ocr/0d33e056-66de-4da9-89ec-07294045adc3.hocr" "read")
solr-1  |       at java.base/java.security.AccessControlContext.checkPermission(Unknown Source) ~[?:?]
solr-1  |       at java.base/java.security.AccessController.checkPermission(Unknown Source) ~[?:?]
solr-1  |       at java.base/java.lang.SecurityManager.checkPermission(Unknown Source) ~[?:?]
solr-1  |       at java.base/java.lang.SecurityManager.checkRead(Unknown Source) ~[?:?]
solr-1  |       at java.base/java.io.File.exists(Unknown Source) ~[?:?]
solr-1  |       at com.github.dbmdz.solrocr.model.SourcePointer$FileSource.<init>(SourcePointer.java:26) ~[?:?]
solr-1  |       at com.github.dbmdz.solrocr.model.SourcePointer$FileSource.parse(SourcePointer.java:52) ~[?:?]
solr-1  |       at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source) ~[?:?]
solr-1  |       at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining(Unknown Source) ~[?:?]
solr-1  |       at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source) ~[?:?]
solr-1  |       at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source) ~[?:?]
solr-1  |       at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(Unknown Source) ~[?:?]
solr-1  |       at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source) ~[?:?]
solr-1  |       at java.base/java.util.stream.ReferencePipeline.collect(Unknown Source) ~[?:?]
solr-1  |       at com.github.dbmdz.solrocr.model.SourcePointer.parse(SourcePointer.java:131) ~[?:?]
solr-1  |       at solrocr.ExternalUtf8ContentFilterFactory.create(ExternalUtf8ContentFilterFactory.java:55) ~[?:?]
solr-1  |       at org.apache.solr.analysis.TokenizerChain.initReader(TokenizerChain.java:110) ~[?:?]
solr-1  |       at org.apache.lucene.analysis.AnalyzerWrapper.initReader(AnalyzerWrapper.java:141) ~[?:?]
solr-1  |       at org.apache.lucene.analysis.AnalyzerWrapper.initReader(AnalyzerWrapper.java:141) ~[?:?]
solr-1  |       at org.apache.lucene.analysis.Analyzer.tokenStream(Analyzer.java:191) ~[?:?]
solr-1  |       at org.apache.lucene.document.Field.tokenStream(Field.java:491) ~[?:?]
solr-1  |       at org.apache.lucene.index.IndexingChain$PerField.invertTokenStream(IndexingChain.java:1162) ~[?:?]
solr-1  |       at org.apache.lucene.index.IndexingChain$PerField.invert(IndexingChain.java:1146) ~[?:?]
solr-1  |       at org.apache.lucene.index.IndexingChain.processField(IndexingChain.java:697) ~[?:?]
solr-1  |       at org.apache.lucene.index.IndexingChain.processDocument(IndexingChain.java:576) ~[?:?]
solr-1  |       at org.apache.lucene.index.DocumentsWriterPerThread.updateDocuments(DocumentsWriterPerThread.java:242) ~[?:?]
solr-1  |       at org.apache.lucene.index.DocumentsWriter.updateDocuments(DocumentsWriter.java:432) ~[?:?]
solr-1  |       at org.apache.lucene.index.IndexWriter.updateDocuments(IndexWriter.java:1545) ~[?:?]
solr-1  |       at org.apache.lucene.index.IndexWriter.updateDocuments(IndexWriter.java:1521) ~[?:?]
solr-1  |       at org.apache.solr.update.DirectUpdateHandler2.updateDocOrDocValues(DirectUpdateHandler2.java:1062) ~[?:?]
solr-1  |       at org.apache.solr.update.DirectUpdateHandler2.doNormalUpdate(DirectUpdateHandler2.java:421) ~[?:?]
solr-1  |       at org.apache.solr.update.DirectUpdateHandler2.addDoc0(DirectUpdateHandler2.java:374) ~[?:?]
solr-1  |       at org.apache.solr.update.DirectUpdateHandler2.addDoc(DirectUpdateHandler2.java:311) ~[?:?]
solr-1  |       ... 62 more

I guess it cannot read files outside the Solr core directory.

Disabling SOLR_SECURITY_MANAGER seems to solve the problem. I don't know which release has changed something in Solr.

    environment:
      - SOLR_SECURITY_MANAGER_ENABLED=false

Thank you for pointing this out. I came across the same issue - running on solr 9.4.1. The problem was solved by setting SOLR_SECURITY_MANAGER_ENABLED=false in solr.in.sh.
I wonder what the security consequences could be (Solr is accessible only within LAN).

Thanks for pointing this out, I updated the Docker setup to add the flag.
As for security consequences, disabling this will require you to completely trust the plugins you use with your Solr instance, like this one. If the Solr instance is only accessible from within your network, the threat level is probably quite low, since attackers would have to be already in the network, or the vulnerability/backdoor in potentially insecure/malicious plugins would have to be triggerable from a proxied query. So best review your plugins and review their source code before disabling the security manager.
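The narrower alternative to switching the security manager off altogether is to keep it on and grant Solr read access to just the directory the OCR files live in. The script below is an added example, not code from solr-ocrhighlighting or from Solr. It assumes that Solr, when SOLR_SECURITY_MANAGER_ENABLED is true, starts the JVM with the stock policy file at server/etc/security.policy (in the official Docker image, /opt/solr/server/etc/security.policy), that the OCR sources all sit under one directory such as /ocr, and that appending a grant block to a copy of that file is how you extend it; the directory name and the two helper functions are the example's own.

```shell
#!/bin/sh
# Added example (not part of solr-ocrhighlighting or Solr): keep the Java
# security manager enabled and grant read-only access to the OCR directory,
# instead of SOLR_SECURITY_MANAGER_ENABLED=false.
#
# Assumptions: bin/solr points the JVM at server/etc/security.policy when the
# security manager is on, and the OCR files live below one directory (/ocr).
set -eu

# Print a Java policy grant allowing read-only access to DIR and everything
# below it. "DIR/-" is FilePermission's recursive form; "DIR/*" would only
# cover the directory's direct children, and "DIR" alone only the directory.
ocr_policy_grant() {
    dir=$1
    case $dir in
        /*) ;;
        *) echo "ocr_policy_grant: path must be absolute: $dir" >&2; return 1 ;;
    esac
    dir=${dir%/}   # drop a trailing slash so we never emit "//-"
    printf 'grant {\n  // OCR sources read by solr-ocrhighlighting (read only)\n  permission java.io.FilePermission "%s/-", "read";\n};\n' "$dir"
}

# Copy Solr's stock policy file to DST and append the OCR grant to the copy,
# leaving the original untouched. A policy file may contain several grant
# blocks, so appending a new one does not disturb Solr's own permissions.
# Usage: ocr_policy_write /opt/solr/server/etc/security.policy /ocr ./security.policy
ocr_policy_write() {
    src=$1 dir=$2 dst=$3
    cp "$src" "$dst"
    printf '\n' >> "$dst"
    ocr_policy_grant "$dir" >> "$dst"
}
```

Bind-mount the generated file over /opt/solr/server/etc/security.policy in the container (path assumed from the official image) and drop the SOLR_SECURITY_MANAGER_ENABLED=false line from the compose environment. Because the copy replaces Solr's whole policy file, regenerate it from the new stock file after every Solr upgrade, and keep the grant to "read": the plugin only needs to read the OCR sources, and a write or delete grant on that directory would hand any compromised plugin the ability to tamper with the corpus.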