Comment by egberts1

Comment by egberts1 3 days ago

0 replies

View on Hacker News

It is an "ACL vulnerability ".

ACL as in access control list.

Bell-LaPalda and multi-level access control systems both required a trusted controller and, And, AND a trusted arbiter of a state machine.

It is the state machine that magically got expanded into a couple more states, with the introduction of an imposter admin actor.

So yeah, the trusted arbiter and owner of that state machine (Google) did an oops.

This is something that Keberos (KRB5) was designed to protect against.