Privilege revocation (computing)

Privilege revocation is the act of an entity giving up some, or all of, the privileges they possess, or some authority taking those (privileged) rights away.

Information theory

Honoring the Principle of least privilege at a granularity provided by the base system such as sandboxing of (to that point successful) attacks to an unprivileged user account helps in reliability of computing services provided by the system. As the chances of restarting such a process are better, and other services on the same machine aren't affected (or at least probably not as much as in the alternative case: i.e. a privileged process gone haywire instead).

Computer security

In computing security privilege revocation is a measure taken by a program to protect the system against misuse of itself.

Privilege revocation is a variant of privilege separation whereby the program terminates the privileged part immediately after it has served its purpose. If a program doesn't revoke privileges, it risks the escalation of privileges.

Revocation of privileges is a technique of defensive programming.

gollark: Vivaldi uses... Blink or something... so it should still be compatible with modern browser stuff.

gollark: Well, enjoy, but I no longer support IE in anything I develop. (which is admittedly nothing important, but I think some organizations do similar stuff now)

gollark: As someone who programs web things a bit, IE11 bad.

gollark: no. firefox.

gollark: I read about exciting new security vulnerabilities every week in my RSS feed.

References

Protection Profile for Privilege-Directed Content Authoriszor Ltd, Ref: Auth_CC/PP/DES/01, Issue 1.3, 22 December 2000
LOMAC: Low Water-Mark Integrity Protection for COTS Environments by Timothy Fraser

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.