[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3639) Inconsistent access checking in back-shell?

I forget why this check was added, but (as I recall) it
was purposely added.  The reasons to why likely can be
found in the commit log and/or -bugs/-devel list archives.
I'll try to dig about later...


At 03:25 PM 4/7/2005, ando@sys-net.it wrote:
>Full_Name: Pierangelo Masarati
>Version: HEAD/2.3/2.2
>OS: Linux (whitebox)
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (
>There appears to be an inconsistency between the behavior of back-shell and that
>of all the remaining backends with respect to access checking for the modify
>operation; back-shell appears to check for write permission to the entry
>pseudo-attribute before attempting to send modifications to the underlying
>script.  In general, access checking is pretty loose in preparing write
>operations for back-shell, but this may be regarded as necessary because of its
>intrinsic design limitations.  However, the highlighted behavior appears to be
>more over-restrictiveand inconsistent.