Direct privilege checking

Programs should not attempt to determine whether they are invoked as privileged processes (for example, by examining their effective or maximum privilege vector). Instead, programs should assume they are invoked as privileged where appropriate.

If the program is not a privileged process, the privileged system calls will fail and the program can take the appropriate action. It is not usually an effective security measure for a program to itself refuse to perform certain operations unless it is privileged. If the program is privileged, then the check is meaningless. If the program is not privileged, then the program can do no more harm than any other unprivileged process.

However, this check can be used effectively as an aid to accidental misuse. A meaningful error message can be given stating that the program was intended to be privileged but is not.