Assignment and removal of privilege
One trusted-software technique is for a program to perform all operations that require privilege early in its execution and then to relinquish that privilege for the remainder of its run. This is called privilege bracketing.
Remember the following considerations related to the use of privileges:
- Each user's process is assigned a set of maximum privileges at process execution. This set of privileges can always be reduced but can never be increased by the unprivileged user.
- It is the responsibility of the executing process to raise privileges from the maximum set into the effective set when performing privileged operations, and to lower them out of the effective set again afterwards.
- Process privileges are modified when a process runs an executable file that has a non-empty innate privilege set. See the exec command for more information.
- Processes are also given a limiting privilege set when they are run. With appropriate privilege, a process can raise privileges in the maximum set up to, but never beyond, those in the limiting set.
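The following is an added example, not code from this documentation or from any operating system's privilege library. It models the four privilege sets named above (limiting, maximum, effective, innate) as bit masks so that the rules in the list can be exercised: the effective set can only be raised from the maximum set, the maximum set only shrinks unless the process holds an appropriate privilege, the limiting set caps everything, and an exec of a file with innate privileges changes the process's sets. The privilege names (PV_DAC_R, PV_DAC_W, PV_NET_PORT, PV_PROC_PRIV), the function names, and the exact effect of exec on the sets are assumptions made for this model, not a particular system's semantics.

```c
/* Added example (not OS code): a small model of the privilege sets the text
 * describes. Each set is a bit mask; the privilege names below are
 * constructed for this example and are not a real system's privilege list. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t privset_t;

enum {
    PV_DAC_R     = 1u << 0,  /* read regardless of DAC mode bits            (constructed) */
    PV_DAC_W     = 1u << 1,  /* write regardless of DAC mode bits           (constructed) */
    PV_NET_PORT  = 1u << 2,  /* bind a reserved network port                (constructed) */
    PV_PROC_PRIV = 1u << 3   /* the "appropriate privilege" to grow the maximum set (constructed) */
};

struct proc {
    privset_t limiting;   /* hard ceiling, fixed when the process is run */
    privset_t maximum;    /* what may be raised; only shrinks for an unprivileged process */
    privset_t effective;  /* what is in force right now */
};

/* Raise: copy privileges from the maximum set into the effective set.
 * Rejected if any requested privilege is not in the maximum set. */
bool priv_raise(struct proc *p, privset_t privs)
{
    if (privs & ~p->maximum)
        return false;
    p->effective |= privs;
    return true;
}

/* Lower: take privileges out of the effective set. They remain in the
 * maximum set, so the process can raise them again later. */
void priv_lower(struct proc *p, privset_t privs)
{
    p->effective &= ~privs;
}

/* Remove: drop privileges from the maximum set (and hence the effective
 * set). An unprivileged process cannot get them back. */
void priv_remove(struct proc *p, privset_t privs)
{
    p->maximum &= ~privs;
    p->effective &= ~privs;
}

/* Grow the maximum set. Modelled rule (assumption): requires PV_PROC_PRIV
 * in the effective set, and the result never exceeds the limiting set. */
bool priv_add_maximum(struct proc *p, privset_t privs)
{
    if (!(p->effective & PV_PROC_PRIV))
        return false;
    if (privs & ~p->limiting)
        return false;
    p->maximum |= privs;
    return true;
}

/* Exec of a file carrying an innate privilege set. Modelled rule (assumption,
 * not a specific OS's semantics): innate privileges are clipped by the
 * limiting set, added to the maximum set, and the new image starts with only
 * those innate privileges in effect. */
void priv_exec(struct proc *p, privset_t innate)
{
    privset_t granted = innate & p->limiting;
    p->maximum |= granted;
    p->effective = granted;
}

/* Privilege bracketing: raise exactly what the operation needs, run it, and
 * lower again whether or not the operation succeeded. */
bool bracketed(struct proc *p, privset_t needed, bool (*op)(struct proc *))
{
    if (!priv_raise(p, needed))
        return false;
    bool ok = op(p);
    priv_lower(p, needed);
    return ok;
}

/* Stand-in for a privileged operation: succeeds only while PV_DAC_R is in effect. */
bool read_protected_file(struct proc *p)
{
    return (p->effective & PV_DAC_R) != 0;
}

int main(void)
{
    struct proc p = { .limiting  = PV_DAC_R | PV_DAC_W | PV_NET_PORT | PV_PROC_PRIV,
                      .maximum   = PV_DAC_R | PV_DAC_W,
                      .effective = 0 };

    printf("bracketed read: %s\n", bracketed(&p, PV_DAC_R, read_protected_file) ? "ok" : "denied");
    printf("effective after bracket: 0x%x\n", (unsigned)p.effective);
    printf("raise NET_PORT (not in maximum): %s\n", priv_raise(&p, PV_NET_PORT) ? "ok" : "denied");
    priv_remove(&p, PV_DAC_W);
    printf("raise DAC_W after remove: %s\n", priv_raise(&p, PV_DAC_W) ? "ok" : "denied");
    return 0;
}
```

The bracketed() helper is the point of the exercise: the caller never holds PV_DAC_R outside the window in which the protected read runs, and a failed priv_raise() is reported rather than silently proceeding with an unprivileged read. priv_remove() shows the irreversible step a program takes once its privileged start-up work is done.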