On Tue, Nov 19, 2013 at 10:05:13AM -0700, Rich Megginson wrote: > On 11/19/2013 09:44 AM, Nalin Dahyabhai wrote: > >The language in the ticket description's pretty firm that this isn't > >going to be changed, and while I can _probably_ work around it on my > >end, I figured I'd ask here before going down that route: is there room > >to expand this check to a whitelist, a search path, or some other method > >that could be used to provide for my use case? > > Sure. Please file a ticket. We can figure out some way to hack > this for testing. What would you suggest? Great! I've opened ticket #47601 for this, and we can continue there if you like. In case there's more to discuss on the list, here are the options that come to mind: * When checking a modify request, only check the nsslapd-pluginPath value if it shows up in the mods list. * Add a run-time-configurable whitelist of acceptable locations. * Replace the check with logic to go ahead and try loading the module, unloading it if the load succeeds. I haven't tried any of these, but I think any of them would be enough. Thanks, Nalin -- 389-devel mailing list 389-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-devel
