[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8057) slapo-unique can be bypassed by anyone

To: openldap-its@OpenLDAP.org
Subject: (ITS#8057) slapo-unique can be bypassed by anyone
From: ondra@mistotebe.net
Date: Sat, 14 Feb 2015 18:16:48 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Ondrej Kuznik
Version: master
OS: 
URL: ftp://ftp.openldap.org/pub/Ondrej-Kuznik-20150214-ITS-8057-uniqueness-ACL.patch
Submission from: (NULL) (86.177.93.243)


This is caused by my fix for #6641. Since anyone can specify the manageDSAit
control on an operation it is trivial to bypass the uniqueness check as it
stands.

The above patch is derived from OpenLDAP Software. All of the
modifications to OpenLDAP Software represented in the above patches
were developed by Ondrej Kuznik <ondra@mistotebe.net>. I have not
assigned rights and/or interest in this work to any party. 

I, Ondrej Kuznik, hereby place the above modifications to OpenLDAP
Software (and only these modifications) into the public domain. Hence,
these modifications may be freely used and/or redistributed for any
purpose with or without attribution and/or other notice.

Prev by Date: Re: (ITS#8056) [PATCH] libdb version is not detected correctly when using gcc5
Next by Date: (ITS#8058) OpenLDAP: module autogroup (memberof)
Index(es):
- Chronological
- Thread