Ubuntu: Confused Deputy Problem [closed]


Why are capabilities sufficient to solve the confused deputy problem while ACLs are not?

After some research, the extent of my understanding is as follows:

  • ACLs can be changed by users with proper permissions, while capabilities are controlled by the OS, making them safer.
  • The ACL is checked when a file is accessed, while the capability is passed with the request being made. This makes the following scenario possible: If R has root access, and B wants to change A's password, B would ask R to do so. While the /etc/passwd file shows that R can modify it, since the capabilities of B are the ones being passed in and show otherwise, the action won't take place.

Am I missing something? If not, I don't see the purpose of ACLs if capabilities will always provide the same information but with higher integrity.


I am not sure what you are asking, and you are sort of mixing root power with DAC and ACLs.

By definition, with root or physical access, you can access any file, change any user's password, or make any system change you wish. You cannot limit root with DAC or ACLs. You can limit root with tools such as AppArmor or SELinux, or limit access with encryption tools.

For example, if you use encrypted home directories, root cannot access the data, even if the password is changed with the command passwd.

ACLs are used to give users a finer grain of control over files without giving root access. With standard DAC you have only 3 options: user, group, and other. On a multi-user system you can use ACLs to allow as many users as you wish to access files.
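The scenario in the question (B asks the privileged R to write to a file) can be modelled in a few lines. This is an added example, not code from the original post; the `ACL` table, `kernel_open`, the `Capability` class and the file contents are constructed for illustration. It contrasts a deputy that opens a file by name using its own authority with one that only uses a capability the client had to obtain itself.

```python
# Constructed model; principals R, B and the file contents are illustrative only.
ACL = {
    "/etc/passwd":   {"R": {"write"}},               # only R may write
    "/home/B/notes": {"R": {"write"}, "B": {"write"}},
}

def fresh_files():
    return {"/etc/passwd": "A:hash-A\n", "/home/B/notes": ""}

class Capability:
    """Reference that both designates one file and carries the right to use it."""
    def __init__(self, files, path, rights):
        self._files, self._path, self._rights = files, path, frozenset(rights)

    def write(self, data):
        if "write" not in self._rights:
            raise PermissionError("capability lacks write")
        self._files[self._path] = data

def kernel_open(files, principal, path, right):
    """Only way to mint a capability: the ACL is checked against the caller."""
    if right not in ACL.get(path, {}).get(principal, set()):
        raise PermissionError(f"{principal} may not {right} {path}")
    return Capability(files, path, {right})

def deputy_by_name(files, path, data):
    """R receives a file *name* and opens it with its own (ambient) authority."""
    kernel_open(files, "R", path, "write").write(data)

def deputy_by_capability(cap, data):
    """R receives a capability and can use only the authority the client held."""
    cap.write(data)

def b_requests(style, path, data):
    """B asks R to write `data` to `path`; returns (outcome, final file content)."""
    files = fresh_files()
    try:
        if style == "name":
            deputy_by_name(files, path, data)
        else:
            deputy_by_capability(kernel_open(files, "B", path, "write"), data)
        return "written", files[path]
    except PermissionError:
        return "denied", files[path]

if __name__ == "__main__":
    for style in ("name", "capability"):
        for path in ("/etc/passwd", "/home/B/notes"):
            print(style, path, b_requests(style, path, "A:hash-from-B\n")[0])
```

In the by-name case the access check runs against R, so B's request succeeds on a file B could never open; in the capability case the check runs when B tries to obtain the capability, before R is involved at all.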
