Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1051167

Summary: [CCC] (6.2.x CONTENDED) WritableServiceBasedNamingStore is missing checkPermissions call in its methods
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Carlo de Wolf <cdewolf>
Component: NamingAssignee: emartins
Status: CLOSED NOTABUG QA Contact:
Severity: high Docs Contact:
Priority: urgent    
Version: 6.2.0CC: asaldhan, bbaranow, jawilson, jcacek, myarboro, sdouglas, smumford
Target Milestone: ---   
Target Release: EAP 6.2.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1051137 Environment:
Last Closed: 2014-02-17 10:13:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1051137    
Bug Blocks: 953259    

Description Carlo de Wolf 2014-01-09 19:27:18 UTC 
+++ This bug was initially created as a clone of Bug #1051137 +++

Description of problem:
WritableServiceBasedNamingStore  in the naming implementation is missing the checkPermissions logic available in InMemoryNamingStore.  All the important methods need to have the checkPermissions call with the JNDI permissions.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
This has been flagged by the Security Evaluators of Common Criteria Evaluation of JBoss EAP 6.
Comment 3 emartins 2014-01-16 11:16:43 UTC 
I have been discussing this with several people, there is a common opinion this is a non issue, and thus this bugzilla should be closed.
Comment 5 Anil Saldhana 2014-01-16 15:58:18 UTC 
Since the call paths to this store are going to be secured, this BZ is no longer relevant, It can be closed. The external security evaluators have agreed with our assessment.