[cap-talk] "ambient authority" on wiki.erights.org
Karp, Alan H
alan.karp at hp.com
Tue Jun 23 12:04:35 EDT 2009
Sam Mason wrote:
>
> I'd go further and say that in this example the entirety of the code
> runs as a single subject and it's therefore not useful to say that we
> have ambient authority---because there's no one there to abuse it. The
> moment the code has the possibility of taking on the role of more than
> one subject then we should say that use of this Copier class means we
> have a program that uses ambient authority.
>
Although ambient authorities often lead to vulnerabilities, I don't believe that abuse needs to be part of the definition of ambient authority. The copy example was meant to show a case where ambient authorities cause a problem not related to abuse.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp