[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ITS#8866 (was: ITS review 6/14/2019)

To: Michael Ströder <michael@stroeder.com>, openldap-devel@openldap.org
Subject: Re: ITS#8866 (was: ITS review 6/14/2019)
From: Howard Chu <hyc@symas.com>
Date: Thu, 27 Jun 2019 17:18:57 +0100
In-reply-to: <748a7925-8b5c-7bbd-9dd4-cafd4e65b3c8@stroeder.com>
References: <75C436AED8239707278A1D62@[192.168.1.39]> <748a7925-8b5c-7bbd-9dd4-cafd4e65b3c8@stroeder.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0 SeaMonkey/2.53

Michael Ströder wrote:
> On 6/14/19 5:15 PM, Quanah Gibson-Mount wrote:
>> Thanks to Ondrej, this list is a bit shorter now. :)
> 
> But one more I'd love to see in 2.4.48:
> 
> ITS#8866: RFE: slapo-constraint to return filter used in diagnostic message
> 
> https://www.openldap.org/its/index.cgi?findid=8866

I don't believe the information disclosure issues have been sufficiently answered there.
Overall it's a bad idea and goes against our standing policy of minimal disclosure.

At most you would expect something relevant in syslog. The actual rules in play are
only the sysadmin's business, not any end user's.

> I have a back-port patch for this in my own 2.4.47 packages because it
> is very useful.
> 
> Ciao, Michael.
> 
> 

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: ITS#8866 (was: ITS review 6/14/2019)
  - From: Michael Ströder <michael@stroeder.com>

References:
- ITS review 6/14/2019
  - From: Quanah Gibson-Mount <quanah@symas.com>
- ITS#8866 (was: ITS review 6/14/2019)
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: Persistent failures of test050
Next by Date: Re: ITS#8866 (was: ITS review 6/14/2019)
Index(es):
- Chronological
- Thread