{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreifvahscm6pryczoeerucjxzpdg7z23ucdtg62zetvgkoyltenk3oq",
    "uri": "at://did:plc:pgryn3ephfd2xgft23qokfzt/app.bsky.feed.post/3mkssv72egvz2"
  },
  "path": "/t/seeking-arxiv-cs-cr-endorsement-dsn-2026-accepted-paper/175707#post_1",
  "publishedAt": "2026-05-01T18:27:10.000Z",
  "site": "https://discuss.huggingface.co",
  "tags": [
    "https://easychair.org/my/preprint_downloa​d_pdf?version=51579",
    "https://urldefense.com/v3/_https://arxiv.org/auth/endorse?x=WVWH38_;!!ACWV5N9M2RV99hQ!LCCFNw3HxTdPEveUp47x6T-62QluDvrIqGohihPO5-JOM4bTan5SQqDpz648tr321vSUdimibXGtWaFfzt8j$"
  ],
  "textContent": "Hi all,\n\nI’m seeking an arXiv endorsement for **cs.CR** to post the camera-ready of a paper that has been accepted at **DSN 2026** : _A Secure, Manifest-Based Framework for Delegated Privilege Promotion_. https://easychair.org/my/preprint_downloa​d_pdf?version=51579\n\n**Paper summary.** A privileged-promotion infrastructure for enterprise systems that run as unprivileged service accounts but still depend on a small set of root-owned helpers. A minimal privileged mediator (“enabler”) validates a vendor-signed manifest and promotes only authorized files. Validation and promotion are bound to file descriptors rather than pathnames, eliminating TOCTOU races under an attacker-controlled unprivileged namespace. Also supports offline key rotation, KRL-based revocation, and atomic self-update. Deployed in production in a large-scale enterprise database.\n\nTo endorse please visit\n\nhttps://urldefense.com/v3/_https://arxiv.org/auth/endorse?x=WVWH38_;!!ACWV5N9M2RV99hQ!LCCFNw3HxTdPEveUp47x6T-62QluDvrIqGohihPO5-JOM4bTan5SQqDpz648tr321vSUdimibXGtWaFfzt8j$\n\nEndorsement Code: WVWH38",
  "title": "Seeking arXiv cs.CR endorsement — DSN 2026 Accepted paper"
}