[jira] [Commented] (JCRVLT-100) FileVault requires read access to root node

Mon, 12 Oct 2015 03:05:55 -0700 

    [ 
https://issues.apache.org/jira/browse/JCRVLT-100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14952890#comment-14952890
 ] 

angela commented on JCRVLT-100:
-------------------------------

subtasks with patches are:
- JCRVLT-99
- JCRVLT-101
- JCRVLT-102
- JCRVLT-103
- JCRVLT-104

I also looked at {{ZipVaultPackage}} but didn't see an easy way to have the 
{{InstallContextImpl}} not created with the root node as there doesn't see to 
be a way to pass in the install context root path and don't feel familiar 
enough the related feature set to introduce it... [~tripod], what would be the 
impact if the root node is not accessible? would it work _if_ the install 
context was not the root or are the many other dependencies that additionally 
assume that that the ctx is bound to the root?
same for the other remaining usages.

> FileVault requires read access to root node
> -------------------------------------------
>
>                 Key: JCRVLT-100
>                 URL: https://issues.apache.org/jira/browse/JCRVLT-100
>             Project: Jackrabbit FileVault
>          Issue Type: Bug
>          Components: Misc, Packaging
>            Reporter: angela
>         Attachments: JCRVLT-99_DefaultWorkspaceFilter.patch, 
> JCRVLT-99_DocViewSAXImporter_JcrSysViewTransformer.patch, 
> JCRVLT-99_Importer.patch, JCRVLT-99_JcrPackageDefinitionImpl.patch, 
> JCRVLT-99_JcrPackageManagerImpl.patch, filevault_root_access.txt
>
>
> Based on the JCRLT-99 i searched the code base for additional places where 
> access to the root node is required.
> [~tripod], in the attached {{filevault_root_access.txt}} you can find the 
> complete result for searching the jcrvlt code base for {{getRootNode}}. some 
> seemed to be valid shortcuts (marked with _(excluded)_) but i suspect that 
> others might require some attention.
> if using the functionality provided with a non-admin session, access to the 
> root node is likely to not be granted thus rendering the filevault unusable 
> (or risking privilege escalations by being forced to grant a non-privileged 
> session full access up to the root node).
> i will create individual subtasks for the various parts that IMHO need to be 
> fixed.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to