contact | Teams Six

[teamssix]

https://teamssix.com/contact/

[teamssix]

给大佬递茶~

[RookieTerry]

大佬能分享一下用的这个主题的源码地址吗？感激不尽

[teamssix]

@RookieTerry 用的这个主题：https://github.com/blinkfox/hexo-theme-matery

[Faithtiannn]

请问大佬，cf在利用泄露的临时ak和sk的时候遇到 Access denied by authorizer's policy这种情况是无解了吗

[teamssix]

@Faithtiannn 请问大佬，cf在利用泄露的临时ak和sk的时候遇到 Access denied by authorizer's policy这种情况是无解了吗

看样子是权限不足？权限不足的话确实就不好进行下一步了，可以再看看其他的路

[Faithtiannn]

您的邮件已收到，谢谢

[Faithtiannn]

您的邮件已收到，谢谢

[BreakALegCml]

师傅您好，我在您的文章《WIZ IAM 挑战赛 Writeup》中的 Admin only?章节下，注意到 "对于 ForAllValues，如果请求中没有键或者键值解析为空数据集（如空字符串），则也会返回 true，不要使用带有 Allow 效果的 ForAllValues，因为这样可能会过于宽容。" ,我后续去AWS官方也找到了对应的文档 "ForAllValues – This qualifier tests whether the value of every member of the request set is a subset of the condition context key set. The condition returns true if every context key value in the request matches at least one context key value in the policy. It also returns true if there are no context keys in the request, or if the context key value resolves to a null dataset, such as an empty string. To prevent missing context keys or context keys with empty values from evaluating to true, you can include the Null condition operator in your policy with a false value to check if the context key exists and its value is not null." ——源自https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-single-vs-multi-valued-context-keys.html#reference_policies_condition-multi-valued-context-keys。

但是我在另一篇文章里发现这里有着相反的结论 "If the key that you specify in a policy condition is not present in the request context, the values do not match and the condition is false. If the policy condition requires that the key is not matched, such as StringNotLike or ArnNotLike, and the right key is not present, the condition is true. This logic applies to all condition operators except ...IfExists and Null check. These operators test whether the key is present (exists) in the request context."——源自https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html。

可以请教下师傅为什么这两个结论是矛盾的呢？是我哪里理解错了么？

[Faithtiannn]

您的邮件已收到，谢谢

[teamssix]

@BreakALegCml 师傅您好，我在您的文章《WIZ IAM 挑战赛 Writeup》中的 Admin only?章节下，注意到 "对于 ForAllValues，如果请求中没有键或者键值解析为空数据集（如空字符串），则也会返回 true，不要使用带有 Allow 效果的 ForAllValues，因为这样可能会过于宽容。" ,我后续去AWS官方也找到了对应的文档 "ForAllValues – This qualifier tests whether the value of every member of the request set is a subset of the condition context key set. The condition returns true if every context key value in the request matches at least one context key value in the policy. It also returns true if there are no context keys in the request, or if the context key value resolves to a null dataset, such as an empty string. To prevent missing context keys or context keys with empty values from evaluating to true, you can include the Null condition operator in your policy with a false value to check if the context key exists and its value is not null." ——源自https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-single-vs-multi-valued-context-keys.html#reference_policies_condition-multi-valued-context-keys。

但是我在另一篇文章里发现这里有着相反的结论 "If the key that you specify in a policy condition is not present in the request context, the values do not match and the condition is false. If the policy condition requires that the key is not matched, such as StringNotLike or ArnNotLike, and the right key is not present, the condition is true. This logic applies to all condition operators except ...IfExists and Null check. These operators test whether the key is present (exists) in the request context."——源自https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html。

可以请教下师傅为什么这两个结论是矛盾的呢？是我哪里理解错了么？

师傅很细心啊，根据我的理解，这里并不矛盾，一个说的是 Key 的 Value 是空的那么就返回 True，一个说的是如果 Key 不存在那么就返回 False，这时如果 Key 存在但 Value 是空的，那么其实就是返回 True 的，这里需要注意键的值和键的区别。