[389-devel] Ticket #47384 (plugin library path validation) and out-of-tree modules
Nalin Dahyabhai
nalin at redhat.com
Tue Nov 19 16:44:20 UTC 2013
Hi, everyone.
I was recently adding a couple of changes to slapi-nis, and when I went
to run its self-tests, some of the tests that modify the plugin entry
started failing with LDAP_UNWILLING_TO_PERFORM. I tracked the denial
down to validation code that was added as part of ticket #47384.
While the tests don't modify the nsslapd-pluginPath attribute (the
entry's added to dse.ldif before the server starts up), some make other
changes to the plugin entry, and when they attempt that,
check_plugin_path() rejects the modify request.
The checks that were added, which ensure that plugins are only loaded
from the server's plugin directory, make it kind of difficult to run
tests using the copies of plugins in my build tree.
The language in the ticket description's pretty firm that this isn't
going to be changed, and while I can _probably_ work around it on my
end, I figured I'd ask here before going down that route: is there room
to expand this check to a whitelist, a search path, or some other method
that could be used to provide for my use case?
Thanks,
Nalin
More information about the 389-devel
mailing list