The principle means giving any user account or process only those privileges which are essential to perform its intended functions.
Benefits of the principle include: In practice, there exist multiple competing definitions of true least privilege.
As program complexity increases rapidly, so does the number of potential issues, rendering a predictive approach impractical.
Examples include the values of variables it may process, addresses it will need, or the precise time such things will be required.
The original formulation is from Jerome Saltzer:[5] "Every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job." Peter J. Denning, in his paper "Fault Tolerant Operating Systems", set it in a broader perspective among "The four fundamental principles of fault tolerance".
The inheritance of file privileges by a process is determined by the semantics of the exec() family of system calls.
The Trusted Computer System Evaluation Criteria (TCSEC) concept of trusted computing base (TCB) minimization is a far more stringent requirement that is only applicable to the functionally strongest assurance classes, namely the classes B3 and A1 (which are functionally identical but differ in terms of evidence and documentation required).
Least privilege has also been interpreted in the context of distribution of discretionary access control (DAC) permissions, for example asserting that giving user U read/write access to file F violates least privilege if U can complete their authorized tasks with only read permission.
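The DAC interpretation above can be checked mechanically. The following is an added example, not taken from the original text: it models user U and file F with POSIX-style mode bits and reports which granted permissions exceed what U's tasks need. The names `User`, `FileEntry`, `granted`, `audit` and `tightened_mode` are hypothetical, the sample values are constructed, and the model assumes plain owner/group/other bits (no ACLs, no uid 0 bypass).

```python
from dataclasses import dataclass

BITS = {"r": 4, "w": 2, "x": 1}

@dataclass(frozen=True)
class FileEntry:            # constructed model of file F's DAC metadata
    owner: int
    group: int
    mode: int               # permission bits, e.g. 0o664

@dataclass(frozen=True)
class User:                 # constructed model of user U
    uid: int
    gids: frozenset

def _class_shift(user, f):
    """Pick the single permission class that applies: owner, then group, then other."""
    if user.uid == f.owner:
        return 6
    if f.group in user.gids:
        return 3
    return 0

def granted(user, f):
    """Permissions the mode bits give this user (first matching class only)."""
    bits = (f.mode >> _class_shift(user, f)) & 0o7
    return {p for p, b in BITS.items() if bits & b}

def audit(user, f, needed):
    """Return (excess, missing) relative to what the user's tasks require.

    A non-empty excess is the least-privilege violation described in the text;
    a non-empty missing set means the user cannot complete the job.
    """
    have, needed = granted(user, f), set(needed)
    return have - needed, needed - have

def tightened_mode(user, f, needed):
    """Mode with the excess bits cleared in the class that applies to the user."""
    excess, _ = audit(user, f, needed)
    clear = sum(BITS[p] for p in excess) << _class_shift(user, f)
    return f.mode & ~clear

if __name__ == "__main__":
    u = User(uid=1001, gids=frozenset({1001, 2000}))     # constructed sample
    f = FileEntry(owner=1000, group=2000, mode=0o664)    # constructed sample
    print(audit(u, f, {"r"}), oct(tightened_mode(u, f, {"r"})))
```

Clearing a group or other bit narrows access for every account in that class, so the tightened mode has to be checked against the other users' needs as well.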