SBPC concentrates on program logic, introduces the notation of privilege state for privilege control; constructs the explicit relationship between privileges and their parameters; and improves the privilege computing mechanism of privileged process.
SBPC该机制以程序逻辑为中心,引入了特权状态的概念来进行特权控制;构建了特权与特权参数之间的显式关系;完善了特权进程的特权计算机制。
参考来源 - 可信进程机制及相关问题研究·2,447,543篇论文数据,部分数据来源于NoteExpress
另一个常见的方法是,使用特权启动一个程序,这个程序然后派生放弃所有特权的第二个进程,而由这个进程来做大部分工作。
Another common approach is to start a program with privileges, which then forks a second process that gives up all privileges and then does most of the work.
例如,您可以有一个具有特定特权的小的“服务器(server)”进程;那个服务器只允许特定的请求,而且只是在确认请求者被允许发出请求之后。
For example, you could have a small "server" process that has special privileges; that server allows only certain requests, and only after verifying that the requester is allowed to make the request.
通常,进程以使用它们的用户和组身份运行,不过,“setuid”或“setgid”的程序会获得拥有这个程序的用户或组的特权。
Normally, processes run as the user and groups of their user, but a "setuid" or "setgid" program picks up the privileges of the user or group that owns the program.
应用推荐