WHAT'S IN THIS CHAPTER?
Creating factored applications
Administering custom privileges
User interaction for privilege escalation
In Chapter 4, the principle of least privilege was introduced. Applications conforming to this principle use as little privilege as they need to get their work done, for as little time as they need it. Granting a privilege to an app means escalating the capabilities of that app, so how does the operating system decide when that may be permitted? The operating system must be able to identify the user of an application, as described in Chapter 2, and then decide whether that user is authorized to obtain the privilege the application has requested. If the user is authorized, the application gains the right to perform the privileged task.
Because performing any privileged task depends on the application obtaining a right to that task, the operating system needs a way to determine which users hold which rights. In fact, users do not hold any rights by default; a right is acquired on demand, when an application needs it, and only if the rules defined for that right in the authorization database can be satisfied.
Authorization Services is designed so that an application need not know the details of the rules for a right, nor how the user satisfies them, in order to obtain it. The application simply requests a right, and ...
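To make the request-a-right flow concrete, the following is an added example, not code from the book, of an application asking Authorization Services for a right and acting on the outcome. It assumes macOS with the Security and Foundation frameworks linked (compile with -framework Security -framework Foundation); the right name com.example.myapp.privilegedtask is a placeholder and does not correspond to any real right.

```objective-c
// Added example (not from the book): acquiring a right through Authorization Services.
// Assumes macOS with Security.framework and Foundation.framework linked.
// The right name used in main() is a placeholder, not a real right.
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Ask Authorization Services for a single right. The application does not need to
// know the rule behind the right; authd evaluates the authorization database and,
// because kAuthorizationFlagInteractionAllowed is set, may prompt the user to
// authenticate. Returns YES and hands back the AuthorizationRef on success.
static BOOL acquireRight(const char *rightName, AuthorizationRef *outAuth)
{
    AuthorizationRef authRef = NULL;
    OSStatus status = AuthorizationCreate(NULL,
                                          kAuthorizationEmptyEnvironment,
                                          kAuthorizationFlagDefaults,
                                          &authRef);
    if (status != errAuthorizationSuccess) {
        NSLog(@"AuthorizationCreate failed: %d", (int)status);
        return NO;
    }

    // One right requested, with no associated value data.
    AuthorizationItem item = { rightName, 0, NULL, 0 };
    AuthorizationRights rights = { 1, &item };
    AuthorizationFlags flags = kAuthorizationFlagDefaults
                             | kAuthorizationFlagInteractionAllowed   // allow a dialog
                             | kAuthorizationFlagExtendRights;        // actually obtain it

    status = AuthorizationCopyRights(authRef, &rights,
                                     kAuthorizationEmptyEnvironment,
                                     flags, NULL);
    switch (status) {
        case errAuthorizationSuccess:
            *outAuth = authRef;   // caller now holds the right; release it promptly
            return YES;
        case errAuthorizationCanceled:
            NSLog(@"User cancelled the authentication dialog for %s", rightName);
            break;
        case errAuthorizationDenied:
            NSLog(@"User is not authorized to obtain %s", rightName);
            break;
        default:
            NSLog(@"AuthorizationCopyRights failed for %s: %d", rightName, (int)status);
            break;
    }
    AuthorizationFree(authRef, kAuthorizationFlagDefaults);
    return NO;
}

int main(int argc, const char *argv[])
{
    @autoreleasepool {
        // Placeholder right name (assumption); a real app registers its own right.
        const char *right = "com.example.myapp.privilegedtask";
        AuthorizationRef auth = NULL;

        if (acquireRight(right, &auth)) {
            NSLog(@"Right granted; performing privileged task");
            // ... do the privileged work here, keeping the window as short as possible ...

            // Least privilege: give the right back as soon as the task is done.
            AuthorizationFree(auth, kAuthorizationFlagDestroyRights);
        } else {
            NSLog(@"Privileged task not performed");
        }
    }
    return 0;
}
```

Two things are worth noting about this flow. First, the application never inspects the rule: whether the right is granted outright, requires the user's own password, or requires an administrator's credentials is decided entirely by the entry for that right in the authorization database (on macOS, `security authorizationdb read <right-name>` prints that entry, and a right with no entry is evaluated against the database's default rule). Second, releasing the AuthorizationRef with kAuthorizationFlagDestroyRights as soon as the task completes is what keeps the "for as little time as they need it" half of least privilege honest; holding the reference for the life of the process would let any later code path in the app reuse the escalation.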