Taken from GPT analysis. This needs confirmation:
High risk: the new derive() API leaks bus:connect(opts) authority to any caller that is only handed a connection.
Commit 6541236 adds Connection:derive(), and it simply forwards to Bus:connect(opts) after defaulting principal only when absent. That means a caller can derive with an arbitrary principal and arbitrary trusted origin_factory. The new tests and docs explicitly bless that behavior in
Failure mode: code that only has a low-privilege connection can mint a higher-privilege sibling or spoof fabric_import provenance, which bypasses the authorizer boundary and can corrupt provenance-based routing/policy decisions. I would treat this as a blocker unless derive() is restricted to inherited authority or override fields are separately authorized.
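The pattern the finding describes, as an added illustration in Python rather than the project's own code: `Bus`, `Connection`, `Authorizer`, the privilege ranking and the `fabric_import:` origin strings are all assumptions constructed for this example, and the real `Connection:derive()` / `Bus:connect(opts)` signatures are not known from the note. It puts the leaky forward-everything `derive_unsafe` beside a `derive` restricted to inherited authority, where any override of `principal` or `origin_factory` is routed through a separate authorizer decision about the deriving connection's own principal.

```python
"""Model of the derive() authority leak and a hardened variant.
All names (Bus, Connection, Authorizer, PRIVILEGE) are hypothetical
constructions for this example, not the project's code."""
from dataclasses import dataclass
from typing import Callable

# Constructed privilege ranking: higher number means more authority.
PRIVILEGE = {"guest": 0, "user": 1, "admin": 2}


class AuthorizationError(Exception):
    pass


class Authorizer:
    """Toy policy: a principal may derive a sibling with at most its own
    privilege, and only 'admin' may supply a custom origin_factory."""

    def check_override(self, actor: str, name: str, value) -> None:
        if name == "principal":
            if PRIVILEGE.get(value, -1) > PRIVILEGE[actor]:
                raise AuthorizationError(f"{actor} may not derive as {value}")
        elif name == "origin_factory":
            if actor != "admin":
                raise AuthorizationError(f"{actor} may not override provenance")
        else:
            raise AuthorizationError(f"override of {name} not permitted")


@dataclass(frozen=True)
class Connection:
    bus: "Bus"
    principal: str
    origin_factory: Callable[[], str]  # stamps provenance on messages

    def origin(self) -> str:
        return self.origin_factory()

    # LEAKY: forwards every option to Bus.connect, defaulting principal only
    # when omitted. A caller holding a 'guest' connection can pass
    # principal='admin' or a spoofed origin_factory and connect() accepts it.
    def derive_unsafe(self, **opts) -> "Connection":
        opts.setdefault("principal", self.principal)
        return self.bus.connect(**opts)

    # HARDENED: authority is inherited from this connection; each override
    # field is separately authorized against *this* connection's principal.
    def derive(self, **opts) -> "Connection":
        principal = opts.pop("principal", self.principal)
        origin_factory = opts.pop("origin_factory", self.origin_factory)
        if opts:
            raise AuthorizationError(f"unknown override(s): {sorted(opts)}")
        if principal != self.principal:
            self.bus.authorizer.check_override(self.principal, "principal", principal)
        if origin_factory is not self.origin_factory:
            self.bus.authorizer.check_override(self.principal, "origin_factory", None)
        return self.bus.connect(principal=principal, origin_factory=origin_factory)


class Bus:
    def __init__(self) -> None:
        self.authorizer = Authorizer()

    # Trusted entry point. In the modelled system this is the authorizer
    # boundary for initial connections; derive() must not become a way around it.
    def connect(self, principal: str = "guest", origin_factory=None) -> Connection:
        factory = origin_factory or (lambda: f"fabric_import:{principal}")
        return Connection(self, principal, factory)


def demo() -> dict:
    """Exercise both paths from a low-privilege connection."""
    bus = Bus()
    guest = bus.connect(principal="guest")
    spoofed = lambda: "fabric_import:trusted-peer"  # constructed spoof value

    # Leak: the unsafe path mints an admin sibling with spoofed provenance.
    leaked = guest.derive_unsafe(principal="admin", origin_factory=spoofed)

    # Hardened path: both overrides are denied for a guest ...
    outcomes = {}
    for kwargs in ({"principal": "admin"}, {"origin_factory": spoofed}):
        key = next(iter(kwargs))
        try:
            guest.derive(**kwargs)
            outcomes[key] = "allowed"
        except AuthorizationError:
            outcomes[key] = "denied"

    # ... while a sibling of equal (inherited) authority is still permitted,
    # and an admin may still step *down* to a lesser principal.
    sibling = guest.derive()
    stepped_down = bus.connect(principal="admin").derive(principal="user")
    return {
        "leaked_principal": leaked.principal,
        "leaked_origin": leaked.origin(),
        "guest_overrides": outcomes,
        "sibling_principal": sibling.principal,
        "sibling_origin": sibling.origin(),
        "admin_to_user": stepped_down.principal,
    }


if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is that the hardened `derive` never trusts the caller's options as authority: `connect()` is still called, but only with values the parent connection already held or that the authorizer explicitly approved for that parent's principal, so the provenance stamp a downstream router sees cannot be chosen by a caller who merely holds a connection.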