[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#3639) Inconsistent access checking in back-shell?

To: openldap-its@OpenLDAP.org
Subject: (ITS#3639) Inconsistent access checking in back-shell?
From: ando@sys-net.it
Date: Thu, 7 Apr 2005 22:25:12 GMT

Full_Name: Pierangelo Masarati
Version: HEAD/2.3/2.2
OS: Linux (whitebox)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (81.72.89.40)


There appears to be an inconsistency between the behavior of back-shell and that
of all the remaining backends with respect to access checking for the modify
operation; back-shell appears to check for write permission to the entry
pseudo-attribute before attempting to send modifications to the underlying
script.  In general, access checking is pretty loose in preparing write
operations for back-shell, but this may be regarded as necessary because of its
intrinsic design limitations.  However, the highlighted behavior appears to be
more over-restrictiveand inconsistent.

p.

Prev by Date: (ITS#3640) back-ldap/back-meta is not checking access for write operations
Next by Date: Re: (ITS#3631) Implement granular write privileges
Index(es):
- Chronological
- Thread