[pve-devel] [PATCH access-control 0/3] fix two propagation related bugs
Fabian Grünbichler
f.gruenbichler at proxmox.com
Fri Jun 3 13:50:46 CEST 2022
these patches fix two related bugs:
- the propagation flag used for priv dumping was set randomly if two
roles with a common priv exist on a path, one with and one without
propagation
- user/token priv intersection only took user privs into account that
had propagation set
the first can affect the second one negatively (if the first bug causes
the propagation flag to be dropped, the second one will drop the priv
from the merged set of privileges for priv-separated tokens).
in both cases there is no possibility to elevate privileges:
- bug #1 sometimes marks privs as non-propagated that are, but only for
display, not for checking purposes
- bug #2 causes a token to have less privileges than it should, not more
Fabian Grünbichler (3):
permissions: properly merge propagation flag
permissions: fix token/user priv intersection
permissions: add some more comments
src/PVE/RPCEnvironment.pm | 44 +++++++++++++++++++++++++++++++++++----
src/test/perm-test8.pl | 2 +-
src/test/test8.cfg | 2 ++
3 files changed, 43 insertions(+), 5 deletions(-)
--
2.30.2
More information about the pve-devel
mailing list