Red Hat Bugzilla – Bug 1022778
RBAC: Add READ_WHOLE_CONFIG sensitivity classification to "describe" op; enforce constraint on "describe" and "read-config-as-xml"
Last modified: 2013-12-15 11:18:50 EST
EAP includes a couple of unusual operations that allow reads of chunks or all of the model: "read-config-as-xml" and the internal-only "describe". These operations should have sensitive resource constraints to ensure that they don't provide an alternate way of reading resources.
A couple of fixes need to be backported from WildFly related to these:
1) Add the READ_WHOLE_CONFIG sensitivity constraint to the "describe" op.
2) Alter the execution of both so the constraint is properly enforced.
Verified with EAP 6.2.0.ER7.
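The gap described in this bug, as an added example that is not part of the original report and is not WildFly or EAP code: a whole-model operation returns data that a per-resource read would refuse unless the operation carries its own classification and that classification is enforced. The resource tree, its sensitivity flags, the function names, and the assumption that "read-config-as-xml" was already classified before the fix are all constructed for the example.

```python
# Simplified model of the gap; not WildFly/EAP source code.
# Role names are the standard RBAC roles; the resource tree, its sensitivity
# flags and all function names are constructed for this example.
SENSITIVE_READERS = {"Administrator", "Auditor", "SuperUser"}

# address -> (value, is_sensitive)
MODEL = {
    "/subsystem=logging": ({"level": "INFO"}, False),
    "/subsystem=example/secret=db": ({"password": "constructed-secret"}, True),
}

# Operation-level sensitivity classifications before and after the backport
# (assumed: only "describe" lacked the classification before).
BEFORE = {"read-config-as-xml": {"READ_WHOLE_CONFIG"}, "describe": set()}
AFTER = {"read-config-as-xml": {"READ_WHOLE_CONFIG"},
         "describe": {"READ_WHOLE_CONFIG"}}


class Unauthorized(Exception):
    pass


def read_resource(role, address):
    """Per-resource read: the sensitivity constraint is checked here."""
    value, sensitive = MODEL[address]
    if sensitive and role not in SENSITIVE_READERS:
        raise Unauthorized(f"{role} may not read {address}")
    return value


def whole_model_op(role, op, constraints, enforce):
    """Return the entire model in one call, like the two ops in this bug."""
    classified = "READ_WHOLE_CONFIG" in constraints[op]
    if enforce and classified and role not in SENSITIVE_READERS:
        raise Unauthorized(f"{role} may not run {op}")
    return {addr: value for addr, (value, _) in MODEL.items()}


def is_denied(fn, *args):
    """True if the call is rejected by the access check."""
    try:
        fn(*args)
    except Unauthorized:
        return True
    return False


if __name__ == "__main__":
    for op in ("describe", "read-config-as-xml"):
        print(op, "before:", is_denied(whole_model_op, "Monitor", op, BEFORE, False),
              "after:", is_denied(whole_model_op, "Monitor", op, AFTER, True))
```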