author Andrew Bartlett <abartlet@samba.org> 2013-01-09 16:59:18 +1100
committer Stefan Metzmacher <metze@samba.org> 2013-01-15 12:14:25 +0100
commit b7b91c85945fab87e55cd8fd65a5b4c50a61d03b
tree a5c6d61346806975d85e7b3a147675563fe2a17e /source4/dsdb/tests
parent b26668c606057fb30b20efd912284c3e79d547ff
dsdb-acl: Run sec_access_check_ds on each attribute proposed to modify (bug #9554 - CVE-2013-0172)

This seems inefficient, but is needed for correctness. The alternative might be to have the sec_access_check_ds code confirm that *all* of the nodes in the object tree have been cleared to node->remaining_bits == 0. Otherwise, I fear that write access to one attribute will become write access to all attributes.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit d776fd807e0c9a62f428ce666ff812655f98bc47)

Diffstat (limited to 'source4/dsdb/tests')
0 files changed, 0 insertions, 0 deletions
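
The concern stated in the commit message, as an added example that is neither Samba code nor part of this commit: a simplified model in which every attribute in a modify request gets a node with `remaining_bits`, and an allow ACE clears the bits it grants. The `node` and `ace` structs, the function names, the sample attributes and the lax pass rule in `check_shared_any` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define WRITE_PROP 0x20u  /* constructed access bit for this model */
struct node { const char *attr; uint32_t remaining_bits; };
struct ace  { const char *attr; uint32_t granted; };  /* per-attribute allow ACE */

/* Constructed sample: the ACL grants write on "description" only. */
static const struct ace SAMPLE_ACL[] = { { "description", WRITE_PROP } };
static const char *SAMPLE_ATTRS[] = { "description", "servicePrincipalName" };

/* Give each attribute a node, apply the ACEs, count nodes left at 0 bits. */
static size_t cleared(const char **attrs, size_t n, const struct ace *acl, size_t m)
{
    size_t ok = 0;
    for (size_t i = 0; i < n; i++) {
        struct node nd = { attrs[i], WRITE_PROP };
        for (size_t a = 0; a < m; a++)
            if (strcmp(nd.attr, acl[a].attr) == 0)
                nd.remaining_bits &= ~acl[a].granted;
        if (nd.remaining_bits == 0)
            ok++;
    }
    return ok;
}

/* Assumed lax rule (model only, not Samba code): pass once any node is cleared. */
bool check_shared_any(const char **attrs, size_t n, const struct ace *acl, size_t m)
{
    return cleared(attrs, n, acl, m) > 0;
}

/* Alternative named in the message: every node must reach remaining_bits == 0. */
bool check_shared_all(const char **attrs, size_t n, const struct ace *acl, size_t m)
{
    return cleared(attrs, n, acl, m) == n;
}

/* Approach in the commit subject: run the check once per proposed attribute. */
bool check_per_attribute(const char **attrs, size_t n, const struct ace *acl, size_t m)
{
    for (size_t i = 0; i < n; i++)
        if (!check_shared_any(&attrs[i], 1, acl, m))
            return false;
    return true;
}
```

With the constructed sample, the lax rule accepts a request that touches both attributes, while the all-nodes rule and the per-attribute check both reject it.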