Comment: Edited by NavBot (vkp)

The principle of least privilege states that every program and every user of the system should operate using the least set of privileges necessary to complete the job \[[Saltzer 74|AA. References#SaltzerBibliography#Saltzer 74], [Saltzer 75|AA. References#SaltzerBibliography#Saltzer 75]\]. The Build Security In website \[[DHS 06|AA. References#DHSBibliography#DHS 06]\] provides additional definitions of this principle. Executing with minimal privileges mitigates exploitation if a vulnerability is discovered in the code.

...

References

\[[DHS 06|AA. References#DHSBibliography#DHS 06]\] [Least Privilege|https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/principles/351.html]
\[[ISO/IEC PDTR 24772|AA. References#ISOBibliography#ISO/IEC PDTR 24772]\] "XYN Privilege Management"
\[[MITRE 07|AA. References#MITREBibliography#MITRE 07]\] [CWE ID 250|http://cwe.mitre.org/data/definitions/250.html], "Execution with Unnecessary Privileges," [CWE ID 272|http://cwe.mitre.org/data/definitions/272.html], "Least Privilege Violation"
\[[Saltzer 74|AA. References#SaltzerBibliography#Saltzer 74]\]
\[[Saltzer 75|AA. References#SaltzerBibliography#Saltzer 75]\]
\[[Wheeler 03|AA. References#WheelerBibliography#Wheeler 03]\] [Section 7.4, "Minimize Privileges"|http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/minimize-privileges.html]
\[[xorl 2009|AA. References#xorlBibliography#xorl 2009]\] ["OpenSolaris CIFS/SMB Invalid File Flags"|http://xorl.wordpress.com/2009/06/14/opensolaris-cifssmb-invalid-file-flags/]

...