Programs must comply with the principle of least privilege not only by providing privileged blocks with the minimum permissions required for correct operation (see 17. SEC50-JG. Avoid granting excess privileges) but also by ensuring that privileged code contains only those operations that require the increased privileges. Superfluous code contained within a privileged block necessarily operates with the privileges of that block, increasing the attack surface.
...
Minimizing privileged code reduces the attack surface of an application and simplifies the task of auditing privileged code.
Related Guidelines
...
...
Privilege Sandbox Issues [XYO]
...
...
CWE-272, Least privilege violation
...
Bibliography
...