[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#3639) Inconsistent access checking in back-shell?

Full_Name: Pierangelo Masarati
Version: HEAD/2.3/2.2
OS: Linux (whitebox)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

There appears to be an inconsistency between the behavior of back-shell and that
of all the remaining backends with respect to access checking for the modify
operation; back-shell appears to check for write permission to the entry
pseudo-attribute before attempting to send modifications to the underlying
script.  In general, access checking is pretty loose in preparing write
operations for back-shell, but this may be regarded as necessary because of its
intrinsic design limitations.  However, the highlighted behavior appears to be
more over-restrictiveand inconsistent.