Bug 1022778 - RBAC: Add READ_WHOLE_CONFIG sensitivity classification to "describe" op; enforce constraint on "describe" and "read-config-as-xml"
Status: CLOSED CURRENTRELEASE
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Domain Management
6.2.0
Unspecified Unspecified
unspecified Severity high
: ER7
: EAP 6.2.0
Assigned To: Brian Stansberry
Ladislav Thon
Russell Dickenson
Reported: 2013-10-23 23:10 EDT by Brian Stansberry
Modified: 2013-12-15 11:18 EST
Doc Type: Bug Fix
Last Closed: 2013-12-15 11:18:50 EST
Type: Bug
Description Brian Stansberry 2013-10-23 23:10:49 EDT
EAP includes a couple of unusual operations that allow reads of chunks or all of the model: "read-config-as-xml" and the internal-only "describe". These operations should have sensitive resource constraints to ensure that they don't provide an alternate way of reading resources.

A couple fixes need to be backported from WildFly related to these:

1) Add the READ_WHOLE_CONFIG sensitivity constraint to the "describe" op.

2) Alter the execution of both so the constraint is properly enforced.
Comment 2 Ladislav Thon 2013-11-06 06:36:14 EST
Verified with EAP 6.2.0.ER7.
