Re: Module removed from user acl hangs around...

[<jam...@te...>]

>> will be created.  When you do step 4, remove the module, the acl hangs
>> around (i.e. it does not get deleted).   I am not sure if this could be
>> exploited or even lends itself to a writer of a module shooting
themselves
>> in the foot and allowing what was not intended to be allowed.  Even
>> still I don't think its the right thing to do.  Is this seen as
>> a problem by any others?
>
> That is actually a feature, so that if you give the module back to the
> user in future he will have the same access control settings as before.

I kind of figured that may be the reason its left around.  My main concern
with it being left around is a module
being written that uses another modules ACL for something becuase it is
going to use a foreign function from that
module.  What should occur (at least as I understand it the webmin code)
is:

     1) Make sure the user can even use the foreign module at all; if not
abort (or don't show the link (-:).
     2) Then make sure the user can do the particular foreign funciton.

What I am afraid of is code that is written that neglects to do the first
check.  What I think could avoid this from occuring
and still keep the feature around (I agree it is a nice feature; I am just
your security paranoid concience talking to you (-;)
is that you rename the acl when that module is removed from the users list
of modules.  For instance, say its user test,
and the fdisk module is being removed, then the acl file:

     fdisk/test.acl

could be renamed to:

     fdisk/_old_test.acl

or prepend a dot or whatever seems nice.  If the module gets added back
then it would look for the users old
acl file and rename it appropriately.

Just a thought...james