Principal of least privilege

This is a discussion on Principal of least privilege within the C++ Programming forums, part of the General Programming Boards category; I am currently learning C++ at college, and can't seem to get anyone to explain what principal of least privilege ...

  1. #1
    Registered User
    Join Date
    Feb 2003
    Posts
    6

    Principal of least privilege

    I am currently learning C++ at college, and can't seem to get anyone to explain what principal of least privilege means. My text refers to it, but there is never a point where it is actually defined. Can anyone help me with this question please.

    Thanks!

  2. #2
    CS Author and Instructor
    Join Date
    Sep 2002
    Posts
    511

    Thumbs up

    From: /www.cs.cornell.edu/people/vickyw/lecNotes/Lec3.html

    Principle of Least Privilege
    The Principle of Least Privilege dictates that each task, process, or user (generically referred to as a subject or a principal) is granted exactly those rights needed to perform its job. In spy movies, following the Principle of Least Privilege is equivalent to operating on a need-to-know basis.

    To create a system that follows the Principle of Least Privilege, you must determine what the subjects are, what set of privileges should be given to each subject, and how/when should the set change. Often, a set of privileges will change based on the corresponding subject's previous actions (such as file accesses) or on the context (such as which machine is being used.)

    Every real-world system violates the Principle of Least Privilege, since regulating every bit and every instruction is not reasonable. Real systems, however, do practice the Principle of Least Privilege at a higher level. For example, if complete mediation is done, then every access to every object is checked.

    In accordance with the Principle of Least Privilege, failsafe defaults require explicit permission before an access is granted. This method detects permission errors automatically, since denial of legitimate access will cause complaints.

    Separation of Privilege facilitates the Principle of Least Privilege by requiring each privilege to have a distinct key/means of access.














    Mr. C: Author and Instructor

  3. #3
    Skunkmeister Stoned_Coder's Avatar
    Join Date
    Aug 2001
    Posts
    2,572
    In laymans terms the principle of least priviledge boils down to several simple rules.

    1) Make class member private unless you can PROVE they NEED to be otherwise.
    2) Use const wherever possible. There is an argument going on as to whether by value params should be const. I believe they should. Herb sutter disagrees. Up to you I guess.
    3) Keep scopes small.
    Free the weed!! Class B to class C is not good enough!!
    And the FAQ is here :- http://faq.cprogramming.com/cgi-bin/smartfaq.cgi

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. How can a program get ring0 privilege easily?
    By chenayang in forum Tech Board
    Replies: 6
    Last Post: 07-22-2008, 03:28 AM
  2. Visual Studio Installer Privilege Issue
    By mercury529 in forum Windows Programming
    Replies: 4
    Last Post: 01-30-2006, 01:48 PM
  3. The Principal Of Least Priviliged ?
    By misplaced in forum C++ Programming
    Replies: 34
    Last Post: 12-19-2004, 08:02 PM
  4. Access token privilege attributes
    By bennyandthejets in forum Windows Programming
    Replies: 1
    Last Post: 07-10-2003, 12:39 PM
  5. how to gain privilege
    By Jaguar in forum Linux Programming
    Replies: 9
    Last Post: 04-06-2003, 03:30 PM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21