these patches fix two related bugs:
- the propagation flag used for priv dumping was set randomly if two roles
  with a common priv exist on a path, one with and one without propagation
- user/token priv intersection only took user privs into account that had
  propagation set

the first can affect the second one negatively (if the first bug causes the
propagation flag to be dropped, the second one will drop the priv from the
merged set of privileges for priv-separated tokens).

in both cases there is no possibility to elevate privileges:
- bug #1 sometimes marks privs as non-propagated that are, but only for
  display, not for checking purposes
- bug #2 causes a token to have fewer privileges than it should, not more

Fabian Grünbichler (3):
  permissions: properly merge propagation flag
  permissions: fix token/user priv intersection
  permissions: add some more comments

 src/PVE/RPCEnvironment.pm | 44 +++++++++++++++++++++++++++++++++++----
 src/test/perm-test8.pl    |  2 +-
 src/test/test8.cfg        |  2 ++
 3 files changed, 43 insertions(+), 5 deletions(-)

--
2.30.2

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel