[cap-talk] "ambient authority" on wiki.erights.org
Karp, Alan H
alan.karp at hp.com
Fri Jun 19 12:50:29 EDT 2009
Sam Mason wrote:
>
> I'd analyze this in two ways; either as a bug or as mycopy being a
> confused deputy as a direct result of the presence of ambient authority.
> Let's consider the ambient authority example first. Subject count is
> three; the subjects being Alice the user, the mycopy program and the OS.
The mycopy program is running in Alice's account with her permissions and is the same subject as Alice.
> The files are objects within the OS and Alice passes two designations to
> the mycopy program. The mycopy program then asks the OS to do things
> with the objects using the "wrong" authority. If we choose to treat
> this as a mistake/bug then the fault is with Alice for not knowing which
> way around the parameters should go.
>
It's a bug, but Alice has no way to protect herself in an ambient authority system.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
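
The swapped-parameter case discussed in this message, as an added illustration that is not part of the original thread or any poster's code. It assumes a hypothetical `mycopy` that takes the destination first while Alice believes the source comes first; the file names are constructed. The path-based version runs with all of Alice's permissions, while the descriptor-based version receives only the rights Alice attached to each designation.

```python
import os
import tempfile

def mycopy_ambient(dst_path, src_path):
    # Hypothetical mycopy: opens by name, using every permission Alice has.
    with open(src_path, "rb") as src:
        data = src.read()
    with open(dst_path, "wb") as dst:
        dst.write(data)

def mycopy_caps(dst_fd, src_fd):
    # Same logic, but it can only use the rights carried by each descriptor.
    data = os.read(src_fd, 1 << 20)      # fails if src_fd is not readable
    os.ftruncate(dst_fd, 0)
    os.write(dst_fd, data)

def demo():
    """Return (report after ambient copy, report after capability copy, refused?)."""
    workdir = tempfile.mkdtemp()
    report = os.path.join(workdir, "report.txt")    # the file Alice cares about
    scratch = os.path.join(workdir, "scratch.txt")  # where she wants the copy

    def reset():
        for path, content in ((report, b"Alice's report"), (scratch, b"old")):
            with open(path, "wb") as f:
                f.write(content)

    # Ambient authority: Alice passes (source, destination), mycopy reads it
    # as (destination, source) and overwrites her report.
    reset()
    mycopy_ambient(report, scratch)
    with open(report, "rb") as f:
        after_ambient = f.read()

    # Capability style: the designations carry read-only and write-only rights.
    reset()
    r = os.open(report, os.O_RDONLY)
    w = os.open(scratch, os.O_WRONLY)
    refused = False
    try:
        mycopy_caps(r, w)                # same mistake in argument order
    except OSError:
        refused = True                   # cannot read from a write-only handle
    finally:
        os.close(r)
        os.close(w)
    with open(report, "rb") as f:
        after_caps = f.read()
    return after_ambient, after_caps, refused

if __name__ == "__main__":
    print(demo())
```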