Details
-
Bug
-
Resolution: Fixed
-
P3
-
1.0
-
1.0
-
generic
-
solaris_2.6
Description
PrivateCredentialPermission allows grants statements which have
a wildcard principalClass along with a regular principalName.
from a security point of view, this is a bad construct.
allowing any principal with the name "foo" (from any principalClass)
to access a private credential is not useful, and extremely risky
from a security perspective.
a wildcard principalClass AND wildcard principalName should be allowed.
a regular principalClass AND wildcard principalName should be allowed.
a wildcard principalClass AND regular principalName should NOT be allowed.
a wildcard principalClass along with a regular principalName.
from a security point of view, this is a bad construct.
allowing any principal with the name "foo" (from any principalClass)
to access a private credential is not useful, and extremely risky
from a security perspective.
a wildcard principalClass AND wildcard principalName should be allowed.
a regular principalClass AND wildcard principalName should be allowed.
a wildcard principalClass AND regular principalName should NOT be allowed.