Closed skatsikeas closed 3 years ago
The proposed solution to this is to be able (from the executed Applications
) to exploit the localConnectVulnerabilites of the executor Application
.
The reason of not having localConnect
on the executor Application
is because this would allow the attacker to authenticate
on the executor Application
if having proper Credentials
.
This was implemented on https://github.com/mal-lang/coreLang/commit/5d59c712fce2a3df39de77880a0d0e669eb6d766
Having access on an Application should always lead to localConnect on the executor Application?
Right now, this only happens when fullAccess on Application is achieved (and not with specificAccess). Should it happen even with specificAccess? This should be discussed.