Privilege separation

In computer programming and computer security, privilege separation (privsep) is one software-based technique for implementing the principle of least privilege.^[1]^[2] With privilege separation, a program is divided into parts which are limited to the specific privileges they require in order to perform a specific task. This is used to mitigate the potential damage of a computer security vulnerability.

^ Provos, Niels; Friedl, Markus; Honeyman, Peter (August 4, 2003). "Preventing Privilege Escalation" (PDF). Archived (PDF) from the original on March 25, 2023.
^ "Privilege separation". QNX Software Development Platform. May 17, 2024. Archived from the original on April 14, 2024.

[1] Provos, Niels; Friedl, Markus; Honeyman, Peter (August 4, 2003). "Preventing Privilege Escalation" (PDF). Archived (PDF) from the original on March 25, 2023.

[2] "Privilege separation". QNX Software Development Platform. May 17, 2024. Archived from the original on April 14, 2024.

[1]

[2]