[cap-talk] Confused Deputy, multiple authorities
Jed at Webstart
donnelley1 at webstart.com
Thu Oct 19 20:52:08 CDT 2006
At 03:54 PM 10/17/2006, Charles Landau wrote:
>At 2:15 PM -0700 10/17/06, Mark Miller wrote:
> >Kragen makes other points about confused deputy problems on the web:
> >http://lists.canonical.org/pipermail/kragen-tol/2000-August/000619.html
> >http://archive.cert.uni-stuttgart.de/archive/bugtraq/2000/05/msg00141.html
>
>Whoa, now I'm confused.
>
>The examples Kragen gives ...
Sorry, but I've not had time to review these. I'm just going to comment
briefly on:
>...
>And while I'm criticizing Confused Deputy examples, the passwd
>example in http://en.wikipedia.org/wiki/Confused_Deputy is either
>poorly explained or not really a Confused Deputy example. Where are
>the multiple authorities? The passwd command isn't using any
>authority from the user.
which I didn't write, but I also didn't correct as I believe I understood
the sense of "confused" deputy. The authority of the deputy in
the case of passwd is root - an authority that can change any
password (and much more) in, for example, the /etc/passwd file.
The authority of the user making the passwd request is whatever
their UID is that the passwd command can determine by that
hack "original UID" mechanism or whatever it is that Unix
calls it.
If this needs to be corrected, I suggest that we hash it out
here and get it right. This seems a pretty important issue
to me, though I'm afraid I have very little time right now to
help very much (including spending much time thinking about
the issues - though I'll do my best with limited time).
--Jed http://www.webstart.com/jed/
More information about the cap-talk
mailing list