Privilege separation

From Wikipedia, the free encyclopedia

In computer programming, privilege separation is a technique used to mitigate the potential damage of a computer security attack. In its most basic form, a computer program forks into two processes. The main program drops privileges, and the smaller program keeps privileges in order to perform a certain task. The two halves then communicate via a socket pair. Thus, any successful attack against the larger program will gain minimal access, even though the pair of programs will be capable of performing privileged operations.

[edit] See also

[edit] External links

Theo de Raadt: Exploit Mitigation Techniques in OpenBSD slides
Niels Provos, Markus Friedl, Peter Honeyman: Preventing Privilege Escalation paper
Niels Provos: Privilege Separated OpenSSH project

This computer science-related article is a stub. You can help Wikipedia by expanding it.

Retrieved from "http://en.wikipedia.org../../../p/r/i/Privilege_separation.html"

Category: Computer science stubs

Views

interaction

Search

In other languages

Español

This page was last modified 21:02, 12 December 2006 by Wikipedia user Ignacioerrico. Based on work by Wikipedia user(s) Nicodemus13, Nielsprovos, Neilc, BMF81, Bluebot, Druiloor, Jfhaugh, Amalas, Mark.murphy, Ganymead and LeeHunter and Anonymous user(s) of Wikipedia.
All text is available under the terms of the GNU Free Documentation License. (See Copyrights for details.)
Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a US-registered 501(c)(3) tax-deductible nonprofit charity.
About Wikipedia
Disclaimers