From: Jukka Zitting
Date: Wed, 5 Feb 2014 14:00:45 -0500
Subject: Re: Security of Move Operations
To: Oak devs

Hi,

On Wed, Feb 5, 2014 at 1:15 PM, Angela Schreiber wrote:
> when discussing this in our weekly oak-meeting, tobi proposed
> to change the permission evaluation for the move such that
> modify-ac permission would be required on the source in order to
> be able to complete the move.
>
> this approach would however break backwards compatibility on how
> permissions are enforced upon move.

A possibly less intrusive alternative would be to require both read
and remove permissions on the whole subtree being moved. Even without
modify-ac, a user with full read/remove permissions could use other
content operations to achieve pretty much the same effect as a move.

BR,

Jukka Zitting
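A toy model of the whole-subtree rule suggested in the message above, added here as an illustration and not code from Oak or from the thread: the node paths, the grants and every function name are constructed, and the Oak permission API is not used. It also checks the message's point that copy plus remove reaches the same result as a move when read and remove are held on every node of the subtree.

```python
READ, REMOVE = "read", "remove"

# Constructed sample: node path -> permissions one user holds on that node.
GRANTS = {
    "/content/a": {READ, REMOVE},
    "/content/a/public": {READ, REMOVE},
    "/content/a/hidden": set(),        # neither readable nor removable
    "/content/ab": {READ, REMOVE},     # sibling sharing a name prefix with /content/a
    "/content/b": {READ, REMOVE},
    "/content/b/child": {READ, REMOVE},
}

def subtree(paths, root):
    """Paths at or below root; matches on path segments, not string prefixes."""
    prefix = root.rstrip("/") + "/"
    return sorted(p for p in paths if p == root or p.startswith(prefix))

def move_blockers(grants, src):
    """(path, missing permissions) for every node under src lacking read or remove."""
    result = []
    for path in subtree(grants, src):
        missing = {READ, REMOVE} - grants[path]
        if missing:
            result.append((path, sorted(missing)))
    return result

def can_move(grants, src):
    """Proposed rule: the move needs read and remove on the whole subtree."""
    return bool(subtree(grants, src)) and not move_blockers(grants, src)

def real_move(paths, src, dst):
    """Resulting node set when the repository moves src to dst as a unit."""
    inside = set(subtree(paths, src))
    return (set(paths) - inside) | {dst + p[len(src):] for p in inside}

def copy_then_remove(grants, src, dst):
    """Resulting node set when the user copies what is readable, then removes
    what is removable (rights to add nodes under dst are assumed)."""
    inside = subtree(grants, src)
    copied = {dst + p[len(src):] for p in inside if READ in grants[p]}
    # A node stays behind if it, or anything below it, cannot be removed.
    kept = {p for p in inside
            if any(REMOVE not in grants[q] for q in subtree(inside, p))}
    return (set(grants) - set(inside)) | kept | copied

if __name__ == "__main__":
    for src in ("/content/a", "/content/b"):
        print(src, can_move(GRANTS, src), move_blockers(GRANTS, src))
```

For `/content/a` the two results differ: a move as a unit would relocate `/content/a/hidden`, while copy plus remove leaves it where it was, which is the case the subtree check rejects.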