[cap-talk] Need help with the confused deputy problemand Object-capability model
Toby Murray
toby.murray at comlab.ox.ac.uk
Fri May 23 03:34:33 CDT 2008
On Thu, 2008-05-22 at 11:17 -0600, Pan Liu wrote:
> Thank you for your help.
>
> Could you answer me another question? Since the confused deputy
> problem is mainly because of the separation of designation and
> authority, but do you think that the excess authority is also a reason
> for that?
>
The Confused Deputy problem arises because designation and authority are
separated. It manifests itself as the user of the compiler having excess
authority -- the user of the compiler can *cause* the compiler to write
to the billing file on the user's behalf. Hence the user has excess
authority because the compiler is a confused deputy, due to the
separation of designation and authority.
Hope that helps,
Cheers
Toby
More information about the cap-talk
mailing list