xlat expansion of absent VPs
Alan DeKok
aland at deployingradius.com
Mon Jun 17 21:57:24 CEST 2013
Arran Cudbard-Bell wrote:
> I guess for things like command line arguments, yes, it would be.
>
> If it's a security issue arguably the entire expansion should fail, and we should force the user to deal with cases where an attribute may be NULL by specifying alternative static values.
Perhaps. It's a balance of usability and security.
> I don't see this as a usability issue because in the majority of cases an '_' isn't going to be what the admin wanted either.
It's at least a "known wrong" value.
> No, in a bunch of places radius_xlat()! was treated as an error.
Ouch.
Alan DeKok.
More information about the Freeradius-Devel
mailing list