Secure Programmer: Minimizing Privileges
By David A. Wheeler
2005-05-27
Conclusions

Minimizing privileges is an important defense against a variety of security problems. Because bugs are inevitable, you want to make it much less likely that the bugs will cause security problems. But at least some part of a secure program has to have code involving security, so you can't just minimize privileges and ignore everything else. Even after you've minimized the parts that involve security, those parts still have to be correct. And to be correct, you'll need to avoid common mistakes.

We've already covered one common mistake, buffer overflows, in a previous column (see Resources for links to previous installments of Secure programmer). Another common mistake is to allow "race conditions," including problems in the often-misunderstood /tmp directory. My next installment will discuss race conditions, including why the /tmp directory is so often a problem and what researchers are doing to fix it.

First published by IBM DeveloperWorks