confused deputy problem : English Wikipedia
A confused deputy is a computer program that is innocently fooled by some other party into misusing its authority. It is a specific type of privilege escalation. In information security, the confused deputy problem is often cited as an example of why capability-based security is important, as capability systems protect against this whereas access control list-based systems do not.〔(ACLs don't )〕

==Example==
In the original example of a confused deputy,〔http://www.cis.upenn.edu/~KeyKOS/ConfusedDeputy.html〕 there is a program that provides compilation services to other programs. Normally, the client program specifies the name of the input and output files, and the server is given the same access to those files that the client has. The compiler service is pay-per-use, and the compiler service stores its billing information in a file (dubbed ''BILL'') that only it has access to. Now suppose a client calls the service and names its output file ''BILL''. The service opens the output file. Even though the client did not have access to that file, the service does, so the open succeeds, and the server writes the compilation output to the file, overwriting it, and thus destroying the billing information.
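
The BILL scenario above as a small simulation, next to a capability-style variant in which the client hands the service an already-open file instead of a name. This is an added example, not part of the quoted article; the directory layout, the function names and the `client_open` authority check are assumptions made for illustration.

```python
import os
import tempfile

# Constructed model: one temporary directory stands in for the file system.
# The service may write anywhere in it; the client only under "client/".

def client_open(root, name):
    """Open an output file with the client's authority only (assumed check)."""
    allowed = os.path.realpath(os.path.join(root, "client"))
    path = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([path, allowed]) != allowed:
        raise PermissionError(f"client may not write {name}")
    return open(path, "w")

def charge(root, source):
    with open(os.path.join(root, "BILL"), "a") as bill:
        bill.write(f"charge: {source}\n")

def compile_by_name(root, source, out_name):
    """Confused deputy: a client-chosen name is opened with the service's authority."""
    with open(os.path.join(root, out_name), "w") as out:
        out.write(f"object code for {source}\n")
    charge(root, source)

def compile_to_handle(root, source, out_file):
    """Capability style: the client supplies an open file; no client name is resolved."""
    out_file.write(f"object code for {source}\n")
    charge(root, source)

def bill_survives(use_handle, out_name="BILL"):
    """Run one job with the given output name; True if BILL keeps its earlier record."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "client"))
        bill = os.path.join(root, "BILL")
        with open(bill, "w") as f:
            f.write("charge: earlier job\n")
        try:
            if use_handle:
                with client_open(root, out_name) as out:  # checked against the client
                    compile_to_handle(root, "a.src", out)
            else:
                compile_by_name(root, "a.src", out_name)  # checked against the service
        except PermissionError:
            pass  # the request never reaches the service
        with open(bill) as f:
            return "earlier job" in f.read()
```

With the name-based interface the service's own permission decides whether the open succeeds, so naming ''BILL'' destroys the earlier record; with the handle-based interface the open is decided by what the client itself may write, and the service only ever names ''BILL'' for its own bookkeeping.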
Excerpt source: the free encyclopedia Wikipedia