[
https://issues.apache.org/jira/browse/JCRVLT-100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14953293#comment-14953293
]
Tobias Bocanegra commented on JCRVLT-100:
-----------------------------------------
we can try to avoid to pass the root node and just provide a session. however,
installing packages w/o read access to the root node is a weird requirement.
especially listing the children of the root node becomes challanging :-) which
is required to properly apply the filter.
> FileVault requires access to root node
> --------------------------------------
>
> Key: JCRVLT-100
> URL: https://issues.apache.org/jira/browse/JCRVLT-100
> Project: Jackrabbit FileVault
> Issue Type: Bug
> Components: Misc, Packaging
> Reporter: angela
> Attachments: JCRVLT-99_DefaultWorkspaceFilter.patch,
> JCRVLT-99_DocViewSAXImporter_JcrSysViewTransformer.patch,
> JCRVLT-99_Importer.patch, JCRVLT-99_JcrPackageDefinitionImpl.patch,
> JCRVLT-99_JcrPackageManagerImpl.patch, filevault_root_access.txt
>
>
> Based on the JCRLT-99 i searched the code base for additional places where
> access to the root node is required.
> [~tripod], in the attached {{filevault_root_access.txt}} you can find the
> complete result for searching the jcrvlt code base for {{getRootNode}}. some
> seemed to be valid shortcuts (marked with _(excluded)_) but i suspect that
> others might require some attention.
> if using the functionality provided with a non-admin session, access to the
> root node is likely to not be granted thus rendering the filevault unusable
> (or risking privilege escalations by being forced to grant a non-privileged
> session full access up to the root node).
> i will create individual subtasks for the various parts that IMHO need to be
> fixed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
