[Date Prev][Date Next]
Re: (ITS#3472) return code should be 32 when no access to object
Kurt D. Zeilenga wrote:
To clarify: noSuchObject should be returned whenever (and whatever)
access to "entry" is required if "disclose" is not granted. Which means:
However, "disclose on error" (disclose) and
"don't disclose on error" (none) can be implemented now in
- when adding an entry, if no disclose is granted to the entry being added;
- when deleting an entry, if no disclose is granted to the entry being
- when renaming an entry, if no disclose is granted to the entry being
- when searching, but how? If the scope is "base", if no disclose is
granted to the searchBase; I guess it would be appropriate to always
return noSuchObject if no disclose is avalable for the searchBase,
otherwise an attacker could circumvent the check by searching for
onelevel or subtree while checkig for the existence of the baseObject;
- when accessing a referral, if no disclose is granted to the entry
containing the referralObject.
I'd also send noSuchObject if disclose is not granted to the "children"
attribute of parents whenever required (i.e. add, delete, rename).
Another comment: should "disclose" be also granted for each operation to
succeed, or should it be checked only if the required access is not
available, to decide what error to return? In case, I vote for the latter.
Note that since access to the entry pseudo-attribute is already checked,
the extra check for disclose can be easily implemented by using
access_allowed_mask(), which also returns the complete access mask and
can be used to check if disclose is granted in case the requested
privilege is not granted.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497