...
Privileged operations are often required in a program, although subsequently, though the program might not need to retain the special privileges. For instance, a network program may require superuser privileges to capture raw network packets but will not ideally use the same set of privileges for carrying out other tasks such as packet analysis. Dropping or elevating privileges alternately according to program requirements is a good design strategy. Moreover, assigning only the required privileges limits the window of exposure for any privilege escalation exploit to succeed.
...