Programs must comply with the principle of least privilege not only by providing privileged blocks with the minimum permissions required for correct operation (see SEC50-J. Avoid granting excess privileges) but also by ensuring that privileged code contains only those operations that require increased privileges. Any superfluous code contained within a privileged block operates with the privileges of that block, which increases the attack surface.
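The following is an added illustration, not code from the CERT standard itself. It contrasts a `doPrivileged` block that carries unrelated work (parsing of caller-supplied input) with one that is narrowed to the single operation that actually needs elevated permissions. The configuration path, the `lookup` helper and the `userSuppliedKey` parameter are assumptions chosen for the example.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

public final class MinimizePrivilegedCode {

    // Hypothetical configuration file that unprivileged callers are not allowed to read directly.
    private static final String CONFIG_PATH = "/etc/app/config.properties";

    // Noncompliant: the entire body, including parsing of caller-controlled input,
    // runs with the elevated privileges of the block.
    public static String loadNoncompliant(final String userSuppliedKey) throws IOException {
        try {
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<String>) () -> {
                    byte[] raw;
                    try (InputStream in = new FileInputStream(CONFIG_PATH)) {
                        raw = in.readAllBytes();
                    }
                    // Superfluous work inside the privileged block: decoding and key lookup
                    // do not need any extra permission, yet they execute with them here.
                    String text = new String(raw, StandardCharsets.UTF_8);
                    return lookup(text, userSuppliedKey);
                });
        } catch (PrivilegedActionException e) {
            throw (IOException) e.getException();
        }
    }

    // Compliant: only the file read is privileged; decoding and lookup run with the
    // caller's ordinary permissions, so a flaw in them cannot be exercised with extra privilege.
    public static String loadCompliant(final String userSuppliedKey) throws IOException {
        byte[] raw;
        try {
            raw = AccessController.doPrivileged(
                (PrivilegedExceptionAction<byte[]>) () -> {
                    try (InputStream in = new FileInputStream(CONFIG_PATH)) {
                        return in.readAllBytes();
                    }
                });
        } catch (PrivilegedActionException e) {
            throw (IOException) e.getException();
        }
        String text = new String(raw, StandardCharsets.UTF_8);
        return lookup(text, userSuppliedKey);
    }

    // Hypothetical helper: returns the value for "key=value" lines matching the given key,
    // or null when the key is absent. It needs no privileges of its own.
    private static String lookup(String text, String key) {
        for (String line : text.split("\\R")) {
            int eq = line.indexOf('=');
            if (eq > 0 && line.substring(0, eq).trim().equals(key)) {
                return line.substring(eq + 1).trim();
            }
        }
        return null;
    }

    private MinimizePrivilegedCode() {}
}
```

The privileged action in the compliant version returns raw bytes and nothing else, so its footprint is easy to review and its exception path (`PrivilegedActionException` wrapping the `IOException`) is the only one that needs thought. Note that `AccessController` and the Security Manager it depends on are deprecated for removal as of Java 17, so this pattern applies to code bases that still run under a security manager.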
...