Evidence review · standard

What Is a Confused Deputy

#oip#kimi-import#self-explaining#voxel#concepts#what-is-confused-deputy
bundle · json · system map · manifest

Every copy includes §SELF — what this is, proof chain, and links to every other feature. No context required.

§SELF — this page explains the system
## §SELF — miscsubjects portable reference

**Principle:** Self-explaining payload — no external context required. This _self block describes what you are reading and where to look next.

**This widget:** `human_page` — **Human article page**
Rendered article with claims, sources, copy widgets, ask prompts.
- **article slug:** `what-is-confused-deputy`
- **contains:** rendered article, copy widgets, claims, sources, ask prompts
- **how to use:** Use Copy for LLM or Copy system map — both paste without context.
- **read:** https://miscsubjects.com/a/what-is-confused-deputy

### Logical proof (verify each step)
1. Articles are voxel graphs of tiered claims, not prose blobs. → https://miscsubjects.com/api/articles/constitution
2. Claims link to hash-chained sources via source_ids. → https://miscsubjects.com/api/articles/what-is-confused-deputy/sources
3. Ask reads topology; ingest/claim append to ledger. → https://miscsubjects.com/api/protocol
4. Models queue growth: populate → collaborate → repair → reflex. → https://miscsubjects.com/api/protocol/grow
5. Graph proves its own shape (reflex) and $/claim (yield). → https://miscsubjects.com/graph.html?layer=reflex
6. Full feature index + _explain on every API response. → https://miscsubjects.com/api/articles/system-map

### Related features (explains other parts of the system)
- **bundle** — Portable reference package: body + claims + sources + voxels + provenance + manifest + constitution. · https://miscsubjects.com/api/articles/what-is-confused-deputy/bundle?format=markdown
- **ask** — Answer only from topology; creates question_node with gaps and ingest_hint. · https://miscsubjects.com/api/articles/what-is-confused-deputy/prompts
- **topology** — Claims, sources, anecdotes, user reports, related embeds, question graph slice — for ask/ROUTER. · https://miscsubjects.com/api/articles/what-is-confused-deputy/topology

### Full index
- JSON: https://miscsubjects.com/api/articles/system-map
- Markdown: https://miscsubjects.com/api/articles/system-map?format=markdown

*Not medical advice. Tier-honest. Cite claim/source ids.*

<!-- hierarchy:nav -->

Path: OIPThinker ReferenceProtocol ConceptsWhat Is a Confused Deputy

Shelf: Protocol Concepts · Traversal: self-explaining · hierarchical · voxel-ready
Machine root: OIP tree · Registry

What Is a Confused Deputy

§SELF — what-is-confused-deputy

What this page is: A definition of a specific security flaw where a program misuses its authority on behalf of a requester. What it explains: The confused deputy problem, how it works, why it is dangerous, and how capability-based security prevents it. Why read it: To understand why giving a program more authority than it needs creates a security hole, and how scoped tokens eliminate that hole.

What a Confused Deputy Is

A confused deputy is a security flaw. It occurs when a program (the "deputy") holds authority to perform actions that a requester cannot perform directly, and the deputy uses that authority to perform an action on the requester's behalf without verifying whether the requester is allowed to request that action. The deputy is "confused" about whose authority it is exercising — its own, or the requester's.

Butler Lampson named this problem in 1971. The classic example: a compiler runs with system-level privileges (it can write files to any directory). A user asks the compiler to write its compiled output to a protected system file. The compiler, because it has system privileges, overwrites the protected file. The compiler is the confused deputy. It had authority. It used that authority on behalf of a user who should not have had that authority. The compiler did not check.

Why It Matters

Any system where one component acts on behalf of another is vulnerable. Web servers handle requests for users. APIs call other APIs. AI models invoke tools on behalf of users. In every case, if the deputy component has broader authority than any single request should use, a malicious or mistaken request can exploit that excess authority. The damage ranges from data corruption to unauthorized access to system compromise. The confused deputy problem is one of the most common and least understood security flaws in multi-component systems.

The Key Idea

The problem is not that the deputy has authority. The problem is that the deputy has more authority than the specific task requires. When a deputy holds blanket authority, it cannot distinguish between legitimate requests and illegitimate ones — it lacks the information to do so. The solution is to give the deputy only the specific authority it needs for each task, and no more.

Two approaches exist:

  1. Capability security. The deputy receives a capability (an unforgeable token) that grants access to only the specific resource needed — for example, a write handle to one directory, not to all files. The deputy cannot be confused because it does not possess excess authority. It physically cannot access resources outside its capability's scope.
  1. Permission checks. The deputy checks whether the requester has permission before acting. This works but creates coupling: the deputy must know the access control policy, must be updated when the policy changes, and must implement the check correctly every time. Missing one check creates a vulnerability.

What the Capability Approach Got Right

  • Eliminates the problem by construction. If the deputy only holds a capability for the output directory, it cannot write to a protected system file. The attack is structurally impossible, not merely checked against.
  • No policy knowledge required. The deputy does not need to know who the user is, what their permissions are, or what the access control policy says. It simply uses the capability it was given. This decouples the deputy from the authorization system.
  • Scopes are auditable. A capability lists exactly what authority it conveys. You can inspect it. You know the maximum damage it enables.

What the Permission-Check Approach Got Wrong

  • Every check is a potential bug. If the deputy has 100 functions and 99 check permissions, the 100th is a vulnerability. This is how real systems get compromised: a developer forgets one check.
  • Policy coupling. The deputy must be updated whenever the access control policy changes. This creates maintenance burden and version skew.
  • Confused deputy can still occur inside the check. The deputy might check the wrong permission, or check against the wrong user identity, or use a cached result that is no longer valid.

How It Connects to Other Ideas

  • OIP capability tokens. OIP uses scoped tokens as capabilities. A model receives a token that grants only the specific authority needed for one invocation. The token cannot be reused for a different scope. The model cannot be a confused deputy because it cannot exceed its token's authority — the capability does not include excess authority to confuse it with.
  • Principle of least privilege. Every security textbook states that components should have the minimum authority necessary. Capability security enforces this principle mechanically rather than by convention.
  • OAuth and scoped tokens. Modern authorization protocols (OAuth 2.0) use scoped tokens that limit what a client application can do. These are capabilities in practice, even if not named as such.

Sources

  • Lampson, Butler W. "Protection." Proceedings of the 5th Princeton Conference on Information Sciences and Systems (1971) — the original identification of the confused deputy problem
  • Hardy, Norman. "The Confused Deputy." ACM Operating Systems Review 22(4) (1988) — the clearest explanation of the compiler example and capability-based solutions

---

Up the tree

Related on this shelf

Machine surfaces

  • Public page: https://miscsubjects.com/a/what-is-confused-deputy
  • JSON article: https://miscsubjects.com/api/articles/what-is-confused-deputy
  • OIP ask: https://miscsubjects.com/api/dispatch?ask=What%20Is%20a%20Confused%20Deputy

what-is-confused-deputy · condition map

Evidence map

Hover a node — its path lights up. Click to open the article.

Full map →
20
Protocol Concepts on shelf
Talk to this article
Tap a phone. Ask anything about What Is a Confused Deputy. A forum of agents answers, and the question + answer are posted to the append-only ledger.
Questions queue for the coding-agent forum (one answer per cron tick). Real phone instead: iMessage +14245134626 · WhatsApp. Thread + proof: JSON · ledger.
Ask this article · 2 suggested prompts

Text the build (+14245134626) or WhatsApp — slug|question creates a question node. Paste evidence with ingest slug|q:NODE_ID|your paste.

For my medical situation, what can you answer from your catalogue about What Is a Confused Deputy — and what would you need me to tell you first?
ask what-is-confused-deputy condition gaps · paste includes §SELF
What good and bad outcomes are documented for What Is a Confused Deputy (studies vs anecdotes)?
ask what-is-confused-deputy good bad experiences · paste includes §SELF
Add your experience or question
Think this article is wrong?
Call bullshit on CharlieOS →
Loading more articles…