You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "Tobias Bocanegra (JIRA)" <ji...@apache.org> on 2015/10/12 21:23:05 UTC
[jira] [Resolved] (JCRVLT-100) FileVault requires access to root
node
[ https://issues.apache.org/jira/browse/JCRVLT-100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tobias Bocanegra resolved JCRVLT-100.
-------------------------------------
Resolution: Fixed
Fix Version/s: 3.1.26
Closing this issue for now. Creating or installing a package w/o read access to the root node is not realistic. basic problem is that the child nodes of the root need the enumerated.
> FileVault requires access to root node
> --------------------------------------
>
> Key: JCRVLT-100
> URL: https://issues.apache.org/jira/browse/JCRVLT-100
> Project: Jackrabbit FileVault
> Issue Type: Bug
> Components: Misc, Packaging
> Reporter: angela
> Fix For: 3.1.26
>
> Attachments: JCRVLT-99_DefaultWorkspaceFilter.patch, JCRVLT-99_DocViewSAXImporter_JcrSysViewTransformer.patch, JCRVLT-99_Importer.patch, JCRVLT-99_JcrPackageDefinitionImpl.patch, JCRVLT-99_JcrPackageManagerImpl.patch, filevault_root_access.txt
>
>
> Based on the JCRLT-99 i searched the code base for additional places where access to the root node is required.
> [~tripod], in the attached {{filevault_root_access.txt}} you can find the complete result for searching the jcrvlt code base for {{getRootNode}}. some seemed to be valid shortcuts (marked with _(excluded)_) but i suspect that others might require some attention.
> if using the functionality provided with a non-admin session, access to the root node is likely to not be granted thus rendering the filevault unusable (or risking privilege escalations by being forced to grant a non-privileged session full access up to the root node).
> i will create individual subtasks for the various parts that IMHO need to be fixed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)