samba - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Andrew Bartlett <abartlet@samba.org>	2013-01-09 16:59:18 +1100
committer	Stefan Metzmacher <metze@samba.org>	2013-01-15 12:14:25 +0100
commit	b7b91c85945fab87e55cd8fd65a5b4c50a61d03b (patch)
tree	a5c6d61346806975d85e7b3a147675563fe2a17e /source4/dsdb/tests
parent	b26668c606057fb30b20efd912284c3e79d547ff (diff)
download	samba-b7b91c85945fab87e55cd8fd65a5b4c50a61d03b.tar.gz samba-b7b91c85945fab87e55cd8fd65a5b4c50a61d03b.tar.bz2 samba-b7b91c85945fab87e55cd8fd65a5b4c50a61d03b.zip

dsdb-acl: Run sec_access_check_ds on each attribute proposed to modify (bug #9554 - CVE-2013-0172)

This seems inefficient, but is needed for correctness. The alternative might be to have the sec_access_check_ds code confirm that *all* of the nodes in the object tree have been cleared to node->remaining_bits == 0. Otherwise, I fear that write access to one attribute will become write access to all attributes. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit d776fd807e0c9a62f428ce666ff812655f98bc47)

Diffstat (limited to 'source4/dsdb/tests')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: