From 9a733064c87a6ff0e6cc6cd1588ddf0e06a182f7 Mon Sep 17 00:00:00 2001
From: Sam Williams <sam@arweave.org>
Date: Sun, 30 Jun 2024 17:28:18 -0400
Subject: [PATCH] fix: In the event of having no authorities on the list, trust
 no-one.

---
 dev-cli/container/src/ao.lua | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev-cli/container/src/ao.lua b/dev-cli/container/src/ao.lua
index 5457bf1d7..e5927253c 100644
--- a/dev-cli/container/src/ao.lua
+++ b/dev-cli/container/src/ao.lua
@@ -175,9 +175,9 @@ function ao.assign(assignment)
     table.insert(ao.outbox.Assignments, assignment)
 end
 
+-- The default security model of AOS processes: Trust all and *only* those
+-- on the ao.authorities list.
 function ao.isTrusted(msg)
-    if #ao.authorities == 0 then return true end
-
     for _, authority in ipairs(ao.authorities) do
         if msg.From == authority then return true end
         if msg.Owner == authority then return true end