Comment 6 for bug 1331912
Revision history for this message
| Tristan Cacqueray (tristan-cacqueray) wrote Re: V2 Trusts allow trustee to emulate trustor in other projects | #6 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
So, this is an un-expected privilege escalation through an out of scope user supplied project id.
This should warrant an OSSA...
It appears to have been introduced at least in Havana, but it may be in Grizzly as well.
@Jamie Lennox: do you think this can be backported without a massive refactoring ?