---
** [tickets:#1122] attribute authorizedGroup of access control feature is
modifiable by any user**
**Status:** unassigned
**Milestone:** 4.3.3
**Created:** Mon Sep 22, 2014 12:11 PM UTC by surender khetavath
**Last Updated:** Mon Sep 22, 2014 12:11 PM UTC
**Owner:** nobody
changeset : 5679
According to README.ACCESS_CONTROL:
"""authorizedGroup" is an optional attribute of type string holding the name of
an existing linux group. Members of this group will have access to IMM.
Only the root user can change these attributes.
"""
But any user, other than root user, is able to modify this attribute.
Trace shown below:
immcfg -a authorizedGroup="GROUP" opensafImm=opensafImm,safApp=safImmService
tet@SC-1:/etc/opensaf> immlist opensafImm=opensafImm,safApp=safImmService
Name Type Value(s)
========================================================================
authorizedGroup SA_STRING_T GROUP
accessControlMode SA_UINT32_T 0 (0x0)
SaImmAttrImplementerName SA_STRING_T OpenSafImmPBE
SaImmAttrClassName SA_STRING_T OpensafImm
SaImmAttrAdminOwnerName SA_STRING_T <Empty>
---
Sent from sourceforge.net because opensaf-tickets@lists.sourceforge.net is
subscribed to https://sourceforge.net/p/opensaf/tickets/
To unsubscribe from further messages, a project admin can change settings at
https://sourceforge.net/p/opensaf/admin/tickets/options. Or, if this is a
mailing list, you can unsubscribe from the mailing list.
------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Opensaf-tickets mailing list
Opensaf-tickets@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensaf-tickets
