On 03/06/2022 at 13:50, Fabian Grünbichler wrote:
> these patches fix two related bugs:
> - the propagation flag used for priv dumping was set randomly if two
>   roles with a common priv exist on a path, one with and one without
>   propagation
> - user/token priv intersection only took user privs into account that
>   had propagation set
>
> the first can affect the second one negatively (if the first bug causes
> the propagation flag to be dropped, the second one will drop the priv
> from the merged set of privileges for priv-separated tokens).
>
> in both cases there is no possibility to elevate privileges:
> - bug #1 sometimes marks privs as non-propagated that are, but only for
>   display, not for checking purposes
> - bug #2 causes a token to have less privileges than it should, not more
>
> Fabian Grünbichler (3):
>   permissions: properly merge propagation flag
>   permissions: fix token/user priv intersection
>   permissions: add some more comments
>
>  src/PVE/RPCEnvironment.pm | 44 +++++++++++++++++++++++++++++++++++---
>  src/test/perm-test8.pl    |  2 +-
>  src/test/test8.cfg        |  2 ++
>  3 files changed, 43 insertions(+), 5 deletions(-)
>
applied series, thanks!
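
A simplified model of the two bugs described in the quoted cover letter, as an added example that is not code from the patches or from PVE. The grant structure, the function names and the sample roles are assumptions, and list order stands in for the random order in which roles were merged.

```perl
use strict;
use warnings;

# Simplified model, not PVE's code. A role grant on a path is
# { privs => [...], propagate => 0|1 }; list order models the merge order.

# Bug #1: the last grant seen decides the flag of a shared priv.
sub merge_last_wins {
    my %merged;
    for my $g (@_) {
        $merged{$_} = $g->{propagate} for @{ $g->{privs} };
    }
    return \%merged;
}

# Fixed merge: a priv propagates if any role granting it propagates.
sub merge_or {
    my %merged;
    for my $g (@_) {
        $merged{$_} ||= $g->{propagate} for @{ $g->{privs} };
    }
    return \%merged;
}

# Bug #2: user privs without the propagation flag are ignored.
sub token_privs_buggy {
    my ($user, $token) = @_;
    return [ grep { $user->{$_} } sort keys %$token ];
}

# Fixed intersection: every priv the user holds on the path counts.
sub token_privs_fixed {
    my ($user, $token) = @_;
    return [ grep { exists $user->{$_} } sort keys %$token ];
}

# Constructed sample: two roles sharing VM.Audit, one without propagation.
my @roles = (
    { privs => ['VM.Audit'],               propagate => 1 },
    { privs => ['VM.Audit', 'VM.Console'], propagate => 0 },
);
my $token = { 'VM.Audit' => 1 };    # privs of a priv-separated token

for my $merge (\&merge_last_wins, \&merge_or) {
    my $user = $merge->(@roles);
    printf "VM.Audit propagate=%d buggy=[%s] fixed=[%s]\n", $user->{'VM.Audit'},
        join(',', @{ token_privs_buggy($user, $token) }),
        join(',', @{ token_privs_fixed($user, $token) });
}
```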