
Privilege bracketing

From HandWiki

In computer security, privilege bracketing is a temporary increase in software privilege within a process to perform a specific function. The process assumes the necessary privileges at the last possible moment and dismisses them as soon as they are no longer strictly necessary, ostensibly avoiding fallout from erroneous code that unintentionally exploits more privilege than is merited. It is an example of the use of the principle of least privilege in defensive programming. It should be distinguished from privilege separation, a much more effective security measure that separates the privileged parts of the system from its unprivileged parts by putting them into different processes, as opposed to switching between them within a single process.
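The in-process bracket described above, sketched for a POSIX set-user-ID program; this is an added example, not code from the article or from any project it mentions. The names run_bracketed, priv_op and record_euid are hypothetical, and the sketch assumes the privilege being bracketed is the effective user ID.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L /* declares seteuid() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

typedef int (*priv_op)(void *arg);

/* Run op(arg) with the effective UID raised to `elevated`, then drop back.
 * Returns op's result, or -1 if the raise failed (op is then never run),
 * so op should report its own status with values >= 0. */
int run_bracketed(uid_t elevated, priv_op op, void *arg)
{
    uid_t unprivileged = geteuid();   /* what we return to */

    if (seteuid(elevated) != 0)       /* open the bracket as late as possible */
        return -1;

    int result = op(arg);             /* only this call runs elevated */

    /* Close the bracket at once. A failed drop must never be ignored:
     * continuing would leave the rest of the process privileged. */
    if (seteuid(unprivileged) != 0 || geteuid() != unprivileged)
        abort();
    return result;
}

/* Hypothetical privileged step: records the euid it ran under. */
int record_euid(void *arg)
{
    *(uid_t *)arg = geteuid();
    return 0;
}

int main(void)
{
    /* In a set-user-ID program the euid at startup is the file owner and
     * the real uid is the invoking user. Drop before doing anything else. */
    uid_t elevated = geteuid();
    if (seteuid(getuid()) != 0)
        return 1;

    uid_t seen = (uid_t)-1;
    if (run_bracketed(elevated, record_euid, &seen) != 0)
        return 1;
    printf("euid inside bracket: %ld, outside: %ld\n",
           (long)seen, (long)geteuid());
    return 0;
}
```

Because seteuid() leaves the saved set-user-ID in place, any code in the same process can raise the privilege again, which is why privilege separation into different processes is the stronger measure.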

A known example of privilege bracketing is found in Debian/Ubuntu: using the 'sudo' tool to temporarily acquire 'root' privileges to perform an administrative command.[1] A Microsoft PowerShell equivalent is "Just In Time, Just Enough Admin".[2]

Licensed under CC BY-SA 3.0 | Source: https://handwiki.org/wiki/Privilege_bracketing