Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Privilege separation
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Examples == === Dovecot === Another email server software designed with privilege separation and security in mind is [[Dovecot (software)|Dovecot]].<ref>{{Cite web |date=August 14, 2024 |title=System users used by Dovecot |url=https://doc.dovecot.org/admin_manual/system_users_used_by_dovecot/ |url-status=live |archive-url=http://web.archive.org/web/20240630132501/https://doc.dovecot.org/admin_manual/system_users_used_by_dovecot/ |archive-date=June 30, 2024 |website=doc.dovecot.org}}</ref> === OpenBSD === Separation of privileges is one of the major [[OpenBSD security features]].<ref>{{Cite web |last=Obser |first=Florian |date=February 19, 2023 |title=Privilege drop, privilege separation, and restricted-service operating mode in OpenBSD |url=https://sha256.net/privsep.html |url-status=live |archive-url=http://web.archive.org/web/20240606081613/https://sha256.net/privsep.html |archive-date=June 6, 2024 |website=sha256.net}}</ref><ref>{{Cite web |last=de Raadt |first=Theo |date=September 24, 2006 |title=Exploit Mitigation Techniques |url=https://www.openbsd.org/papers/ven05-deraadt/ |url-status=live |archive-url=http://web.archive.org/web/20240515040432/https://www.openbsd.org/papers/ven05-deraadt/ |archive-date=May 15, 2024 |website=[[OpenBSD]]}}</ref> === OpenSSH === OpenSSH uses privilege separation to ensure ''pseudo terminal'' ('''''pty''''') creation happens in a secure part of the process, away from per connection processes with network access.<ref>{{Cite web |last=Provos |first=Niels |date=August 9, 2003 |title=Privilege Separated OpenSSH |url=http://www.citi.umich.edu/u/provos/ssh/privsep.html |url-status=live |archive-url=http://web.archive.org/web/20240806014140/http://www.citi.umich.edu/u/provos/ssh/privsep.html |archive-date=August 6, 2024 |website=Center for Information Technology Integration}}</ref> === Postfix === The implementation of [[Postfix (software)|Postfix]] was focused on implementing comprehensive privilege separation.<ref>{{Cite web |date=2024 |title=Postfix Architecture |url=http://www.postfix.org/OVERVIEW.html |url-status=live |archive-url=http://web.archive.org/web/20240803142920/http://www.postfix.org/OVERVIEW.html |archive-date=August 3, 2024}}</ref><ref>{{Cite web |date=2022 |title=Privilege Separation |url=https://61600.csail.mit.edu/2022/lec/l20-privsep.txt |url-status=live |archive-url=http://web.archive.org/web/20240723122815/https://61600.csail.mit.edu/2022/lec/l20-privsep.txt |archive-date=July 23, 2024 |website=csail.mit.edu}}</ref> === Solaris === [[Solaris (operating system)|Solaris]] implements a separate set of functions for [[privilege bracketing]].<ref>{{Cite web |date=2010 |title=Bracketing Effective Privileges |url=https://docs.oracle.com/cd/E19109-01/tsolaris8/816-1042/6m7g4ma52/index.html |url-status=live |archive-url=http://web.archive.org/web/20240814171612/https://docs.oracle.com/cd/E19109-01/tsolaris8/816-1042/6m7g4ma52/index.html |archive-date=August 14, 2024 |website=Trusted Solaris Developer's Guide}}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)