Matches in DBpedia 2016-04 for { <http://dbpedia.org/resource/Privilege_separation> ?p ?o }
Showing triples 1 to 69 of
69
with 100 triples per page.
- Privilege_separation abstract "In computer programming and computer security, privilege separation is a technique in which a program is divided into parts which are limited to the specific privileges they require in order to perform a specific task. This is used to mitigate the potential damage of a computer security attack.A common method to implement privilege separation is to have a computer program fork into two processes. The main program drops privileges, and the smaller program keeps privileges in order to perform a certain task. The two halves then communicate via a socket pair. Thus, any successful attack against the larger program will gain minimal access, even though the pair of programs will be capable of performing privileged operations.Privilege separation is traditionally accomplished by distinguishing a real user ID/group ID from the effective user ID/group ID, using the setuid(2)/setgid(2) and related system calls, which were specified by POSIX. If these are incorrectly positioned, gaps can allow widespread network penetration.Many network service daemons have to do a specific privileged operation such as open a raw socket or an Internet socket in the well known ports range. Administrative utilities can require particular privileges at run-time as well. Such software tends to separate privileges by revoking them completely after the critical section is done, and change the user it runs under to some unprivileged account after so doing. This action is known as dropping root under Unix-like operating systems. The unprivileged part is usually run under the \"nobody\" user or an equivalent separate user account.Privilege separation can also be done by splitting functionality of a single program into multiple smaller programs, and then assigning the extended privileges to particular parts using file system permissions. That way the different programs have to communicate with each other through the operating system, so the scope of the potential vulnerabilities is limited (since a crash in the less privileged part cannot be exploited to gain privileges, merely to cause a denial-of-service attack).Separation of privileges is one of the major OpenBSD security features. The implementation of Postfix was focused on implementing comprehensive privilege separation. Solaris implements a separate set of functions for privilege bracketing.".
- Privilege_separation wikiPageExternalLink privsep.pdf.
- Privilege_separation wikiPageExternalLink privsep.html.
- Privilege_separation wikiPageExternalLink 6m7g4ma52?a=view.
- Privilege_separation wikiPageExternalLink ven05-deraadt.
- Privilege_separation wikiPageID "1039022".
- Privilege_separation wikiPageLength "3769".
- Privilege_separation wikiPageOutDegree "45".
- Privilege_separation wikiPageRevisionID "606450783".
- Privilege_separation wikiPageWikiLink Capability-based_security.
- Privilege_separation wikiPageWikiLink Category:Computer_security_procedures.
- Privilege_separation wikiPageWikiLink Computer_network.
- Privilege_separation wikiPageWikiLink Computer_program.
- Privilege_separation wikiPageWikiLink Computer_programming.
- Privilege_separation wikiPageWikiLink Computer_security.
- Privilege_separation wikiPageWikiLink Confused_deputy_problem.
- Privilege_separation wikiPageWikiLink Crash_(computing).
- Privilege_separation wikiPageWikiLink Daemon_(computing).
- Privilege_separation wikiPageWikiLink Defensive_programming.
- Privilege_separation wikiPageWikiLink Denial-of-service_attack.
- Privilege_separation wikiPageWikiLink Exploit_(computer_security).
- Privilege_separation wikiPageWikiLink File_system_permissions.
- Privilege_separation wikiPageWikiLink Fork_(system_call).
- Privilege_separation wikiPageWikiLink Group_identifier.
- Privilege_separation wikiPageWikiLink List_of_TCP_and_UDP_port_numbers.
- Privilege_separation wikiPageWikiLink Markus_Friedl.
- Privilege_separation wikiPageWikiLink Network_socket.
- Privilege_separation wikiPageWikiLink Niels_Provos.
- Privilege_separation wikiPageWikiLink Nobody_(username).
- Privilege_separation wikiPageWikiLink OpenBSD_security_features.
- Privilege_separation wikiPageWikiLink Operating_system.
- Privilege_separation wikiPageWikiLink POSIX.
- Privilege_separation wikiPageWikiLink Peter_Honeyman.
- Privilege_separation wikiPageWikiLink Postfix_(software).
- Privilege_separation wikiPageWikiLink Principle_of_least_privilege.
- Privilege_separation wikiPageWikiLink Privilege_(computing).
- Privilege_separation wikiPageWikiLink Privilege_bracketing.
- Privilege_separation wikiPageWikiLink Privilege_escalation.
- Privilege_separation wikiPageWikiLink Privilege_revocation_(computing).
- Privilege_separation wikiPageWikiLink Process_(computing).
- Privilege_separation wikiPageWikiLink Raw_socket.
- Privilege_separation wikiPageWikiLink Run_time_(program_lifecycle_phase).
- Privilege_separation wikiPageWikiLink Sandbox_(computer_security).
- Privilege_separation wikiPageWikiLink Setuid.
- Privilege_separation wikiPageWikiLink Solaris_(operating_system).
- Privilege_separation wikiPageWikiLink System_call.
- Privilege_separation wikiPageWikiLink Theo_de_Raadt.
- Privilege_separation wikiPageWikiLink Unix-like.
- Privilege_separation wikiPageWikiLink Unix_domain_socket.
- Privilege_separation wikiPageWikiLink User_identifier.
- Privilege_separation wikiPageWikiLink Utility_software.
- Privilege_separation wikiPageWikiLinkText "Privilege separation".
- Privilege_separation wikiPageWikiLinkText "drop privileges".
- Privilege_separation wikiPageWikiLinkText "drop root privileges".
- Privilege_separation wikiPageWikiLinkText "privilege separation".
- Privilege_separation wikiPageUsesTemplate Template:Unreferenced.
- Privilege_separation subject Category:Computer_security_procedures.
- Privilege_separation hypernym Technique.
- Privilege_separation type TopicalConcept.
- Privilege_separation type Redirect.
- Privilege_separation comment "In computer programming and computer security, privilege separation is a technique in which a program is divided into parts which are limited to the specific privileges they require in order to perform a specific task. This is used to mitigate the potential damage of a computer security attack.A common method to implement privilege separation is to have a computer program fork into two processes.".
- Privilege_separation label "Privilege separation".
- Privilege_separation sameAs Q7246315.
- Privilege_separation sameAs Separación_de_privilegios.
- Privilege_separation sameAs جداسازی_امتیازی.
- Privilege_separation sameAs m.040ll9.
- Privilege_separation sameAs Q7246315.
- Privilege_separation wasDerivedFrom Privilege_separation?oldid=606450783.
- Privilege_separation isPrimaryTopicOf Privilege_separation.