[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: R: Enforcing attribute ACL on add operations

Pierangelo Masarati <ando@sys-net.it> wrote:

> See ITS#4556 for discussion.

So this is not considered a security hole. But as far as I understand,
anyone that is allowed to add an entry anywhere can add a user with
random privileges. Did I miss something here? Can that be avoided?

Emmanuel Dreyfus