Privilege Bracketing in the Solaris 10 Operating System 
by Glenn Brunette
April, 2006
In IT security, the well-known "least privilege" principle states that: "Every program and every user of the system should operate using the least set of privileges necessary to complete the job." This Sun BluePrints OnLine article describes how to use the Process Rights Management feature of the Solaris 10 Operating System to implement this principle for any given software program.
Process Rights Management allows software developers to write privilege-aware programs that run with only the privileges they need, dropping those that are not needed or are no longer required. Further, using a programming technique called privilege bracketing, a developer can control exactly when a privilege or set of privileges is active or in effect.
Software developers can use the privilege bracketing technique to ensure that a program is running with privilege only when that privilege is required. This is accomplished by placing privileged software operations between code that effectively enables and disables specific privileges. Using the methods described in this article, software developers will be able to develop privileged programs that are more secure and resilient to flaws because the use of privilege within the code can be more tightly controlled.
Sign up or Log in to add a comment or watch this page.