[cap-talk] Another UAC Confused Deputy
Toby Murray
toby.murray at comlab.ox.ac.uk
Wed Feb 4 16:21:50 EST 2009
On Wed, 2009-02-04 at 22:01 +0000, Toby Murray wrote:
> The evidence is mounting that all non-trivial IBAC systems will contain
> confused deputies,
More evidence, in the context of Java's IBAC, from MarkM on e-lang:
> From:
> Mark Miller <erights at gmail.com>
> Reply-To:
> Discussion of E and other
> capability languages
> <e-lang at mail.eros-os.org>
> To:
> Discussion of E and other
> capability languages
> <e-lang at mail.eros-os.org>
> Subject:
> [e-lang] Java security hole in
> interplay of stack introspection &
> deserialization
> Date:
> Wed, 4 Feb 2009 13:21:42 -0800
> (21:21 GMT)
>
>
> http://slightlyrandombrokenthoughts.blogspot.com/2008/12/calendar-bug.html
>
> --
> Text by me above is hereby placed in the public domain
>
> Cheers,
> --MarkM
>
More information about the cap-talk
mailing list