[cap-talk] "ACLs don't" paper rejected from Oakland 09

Toby Murray toby.murray at comlab.ox.ac.uk
Wed Feb 4 02:45:17 CST 2009


On Tue, 2009-02-03 at 16:44 +0000, David-Sarah Hopwood wrote:
> > In the ACL case, the user can cause the compiler to write to the
> > logfile. In the ACL case it cannot. Hence its authority is greater.
> 
> Right; we don't disagree on that. (More precisely, it is greater in
> examples where the Compiler had permission to the output file
> already, and didn't need that permission to be delegated to it.)

Sorry (I keep doing this ;( ) that second "ACL case" above should have
been "capabilities" case. I think we agree that the user's authority is
greater in the ACL case -- that is the symptom of the existence of the
confused deputy.


