diff options
author | Andrew Bartlett <abartlet@samba.org> | 2013-01-09 16:59:18 +1100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2013-01-15 12:14:25 +0100 |
commit | b7b91c85945fab87e55cd8fd65a5b4c50a61d03b (patch) | |
tree | a5c6d61346806975d85e7b3a147675563fe2a17e /source4/dsdb/tests | |
parent | b26668c606057fb30b20efd912284c3e79d547ff (diff) | |
download | samba-b7b91c85945fab87e55cd8fd65a5b4c50a61d03b.tar.gz samba-b7b91c85945fab87e55cd8fd65a5b4c50a61d03b.tar.bz2 samba-b7b91c85945fab87e55cd8fd65a5b4c50a61d03b.zip |
dsdb-acl: Run sec_access_check_ds on each attribute proposed to modify (bug #9554 - CVE-2013-0172)
This seems inefficient, but is needed for correctness. The
alternative might be to have the sec_access_check_ds code confirm that
*all* of the nodes in the object tree have been cleared to
node->remaining_bits == 0.
Otherwise, I fear that write access to one attribute will become write
access to all attributes.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit d776fd807e0c9a62f428ce666ff812655f98bc47)
Diffstat (limited to 'source4/dsdb/tests')
0 files changed, 0 insertions, 0 deletions