[cap-talk] Using C strings to hold capabilities.
Ben Laurie
ben at algroup.co.uk
Mon Oct 11 10:12:31 EDT 2004
John C. McCabe-Dansted wrote:
> Ben Laurie suggested instead using the contents of strings to grant authority
> rather than the pointers. This would simplify the situation further, though
> there are hypothetical situations where using the contents could allow the
> confused deputy problem to occur. For example if the application normally
> displays 'saving /etc/myapp/accounting.info', but displays 'saving 3eff3231'
> on capability-based systems, tricking the app into using the "filename"
> '3eff3231' for other purposes could do bad things.
OK, I now see why you suggested your method. This would involve a good
deal of code rewriting, I'd think.
Cheers,
Ben.
--
ApacheCon! 13-17 November! http://www.apachecon.com/
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
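
The hazard described in the quoted paragraph, as an added example that is not part of the original message or of either poster's code: when authority follows a string's contents, the status line hands out a working copy of the capability; when it follows the pointer, the copy is inert. All function names are hypothetical; the value '3eff3231' is the one used in the thread.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed toy model: one capability, held as a C string. */
static const char granted_cap[] = "3eff3231";

/* Contents-based check: any buffer holding the same bytes carries authority. */
int authorized_by_contents(const char *s) {
    return s != NULL && strcmp(s, granted_cap) == 0;
}

/* Pointer-based check: only the exact pointer handed out carries authority. */
int authorized_by_pointer(const char *s) {
    return s == granted_cap;
}

/* The application's status message, echoing the "filename" it was given. */
void status_line(char *out, size_t n, const char *name) {
    snprintf(out, n, "saving %s", name);
}

/* A party that only sees the status message recovers the text after "saving ". */
const char *name_from_status(const char *line) {
    static const char prefix[] = "saving ";
    size_t len = sizeof prefix - 1;
    return strncmp(line, prefix, len) == 0 ? line + len : NULL;
}

int main(void) {
    char line[64];
    status_line(line, sizeof line, granted_cap);
    const char *copy = name_from_status(line);   /* same bytes, different address */

    printf("%s\n", line);
    printf("copy, checked by contents: %d\n", authorized_by_contents(copy));
    printf("copy, checked by pointer:  %d\n", authorized_by_pointer(copy));
    printf("original pointer:          %d\n", authorized_by_pointer(granted_cap));
    return 0;
}
```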