[Freeipa-devel] [freeipa PR#341][opened] certprofile-mod: correctly authorise config update

mbasti-rh freeipa-github-notification at redhat.com
Wed Dec 14 16:30:26 UTC 2016


   URL: https://github.com/freeipa/freeipa/pull/341
Author: mbasti-rh
 Title: #341: certprofile-mod: correctly authorise config update
Action: opened

PR body:
"""
Certificate profiles consist of a FreeIPA object, and a
corresponding Dogtag configuration object.  When updating profile
configuration, changes to the Dogtag configuration are not properly
authorised, allowing unprivileged operators to modify (but not
create or delete) profiles.  This could result in issuance of
certificates with fraudulent subject naming information, improper
key usage, or other badness.

Update certprofile-mod to ensure that the operator has permission to
modify FreeIPA certprofile objects before modifying the Dogtag
configuration.

https://fedorahosted.org/freeipa/ticket/6560
"""

To pull the PR as a Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/341/head:pr341
git checkout pr341
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pr-341.patch
Type: text/x-diff
Size: 1787 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20161214/3294d7a3/attachment.bin>
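
The ordering problem the PR body describes, as an added toy model (not FreeIPA's code and not the patch attached to this PR): a CA-side configuration write made with the framework's own credential must be preceded by a permission check on the directory object. All class, function, operator and profile names, and the config strings, are hypothetical and constructed for illustration.

```python
# Toy model; every name here is hypothetical, not FreeIPA or Dogtag API.
class ACIError(Exception):
    """Raised when the operator lacks write access to the profile entry."""

class Directory:
    """Stands in for LDAP: writes are authorised per operator."""
    def __init__(self, writers):
        self.writers = set(writers)
        self.entries = {"demoProfile": {"description": "constructed sample"}}

    def can_write(self, operator, profile_id):
        return operator in self.writers and profile_id in self.entries

    def update(self, operator, profile_id, attrs):
        if not self.can_write(operator, profile_id):
            raise ACIError(f"{operator} may not modify {profile_id}")
        self.entries[profile_id].update(attrs)

class CAProfileStore:
    """Stands in for the CA: reached with the framework's own agent
    credential, so it cannot tell which operator asked for the change."""
    def __init__(self):
        self.config = {"demoProfile": "keyUsage=digitalSignature"}  # constructed

    def write(self, profile_id, config):
        self.config[profile_id] = config

def mod_unchecked(directory, ca, operator, profile_id, description=None, config=None):
    # Flawed order: the CA-side write happens with no check on the operator.
    if config is not None:
        ca.write(profile_id, config)
    if description is not None:
        directory.update(operator, profile_id, {"description": description})

def mod_checked(directory, ca, operator, profile_id, description=None, config=None):
    # Authorise against the directory object before any CA-side change.
    if not directory.can_write(operator, profile_id):
        raise ACIError(f"{operator} may not modify {profile_id}")
    if config is not None:
        ca.write(profile_id, config)
    if description is not None:
        directory.update(operator, profile_id, {"description": description})

def run(mod, operator, config):
    """Apply `mod` to fresh toy backends; return (denied, resulting CA config)."""
    directory, ca = Directory(writers={"admin"}), CAProfileStore()
    try:
        mod(directory, ca, operator, "demoProfile", config=config)
        denied = False
    except ACIError:
        denied = True
    return denied, ca.config["demoProfile"]
```

In the unchecked variant a request that also changes the description is rejected by the directory, but only after the CA-side configuration has already been replaced.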