Weaknesses in this category occur when sandbox environments are improperly
enforced, or when privileges are improperly handled, assigned, or managed.
Potential Mitigations
ID: 1
Phase: (none listed)
Description: Very carefully manage how privileges are set, assigned, and
handled. Explicitly define and manage the trust zones in the software.
Follow the principle of least privilege when assigning access rights to
entities in a software system.
Many of the concepts in this category require deeper study. Most privilege
problems are not classified at this level of detail, and the terminology is
sparse. Certain classes of software, such as web browsers and software bug
trackers, provide a rich set of examples for further research.
Operating systems have matured to the point that these kinds of weaknesses
are rare, but finer-grained models for privileges, capabilities, or roles
might introduce subtler issues.
Theoretical Notes
A sandbox could be regarded as an explicitly defined sphere of control, in
that the sandbox only defines a limited set of behaviors, which can only
access a limited set of resources.
It could be argued that any privilege problem occurs within the context of
a sandbox.
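The mitigation above (explicit trust zones, least privilege) and the sandbox
definition in the theoretical notes (a sphere of control that permits a
limited set of behaviors on a limited set of resources), as an added example
in code. This is not code from the CWE entry or from any project it
references; the names Op, Policy, Sandbox and process_upload, the two trust
zones and the file paths are all hypothetical.

```python
"""Least-privilege sandbox: explicit trust zones, default deny, and a
privilege transition that can only narrow, never widen.
Added example; every name and path here is hypothetical."""
import posixpath
from dataclasses import dataclass
from enum import Enum
from fnmatch import fnmatchcase


class Op(Enum):
    READ = "read"
    WRITE = "write"
    EXEC = "exec"
    CONNECT = "connect"


@dataclass(frozen=True)
class Policy:
    """A trust zone's sphere of control: the (operation, resource pattern)
    pairs it may exercise. Anything not granted is denied."""
    zone: str
    grants: frozenset  # frozenset[tuple[Op, str]]

    def permits(self, op: Op, resource: str) -> bool:
        # Canonicalize paths before matching, so that
        # "/srv/uploads/../../etc/passwd" cannot satisfy "/srv/uploads/*"
        # even though the raw string would.
        if resource.startswith("/"):
            resource = posixpath.normpath(resource)
        return any(g_op is op and fnmatchcase(resource, pat)
                   for g_op, pat in self.grants)

    def is_subset_of(self, other: "Policy") -> bool:
        """True when every grant here is literally held by `other`.
        Literal comparison is deliberately conservative: a differently
        spelled but semantically narrower pattern is still rejected."""
        return self.grants <= other.grants


class Sandbox:
    """Default-deny mediator: every request is checked and audited."""

    def __init__(self, policy: Policy, audit=None):
        self.policy = policy
        self.audit = [] if audit is None else audit  # (zone, op, resource, ok)

    def request(self, op: Op, resource: str) -> bool:
        ok = self.policy.permits(op, resource)
        self.audit.append((self.policy.zone, op.value, resource, ok))
        if not ok:
            raise PermissionError(f"{self.policy.zone}: {op.value} {resource}")
        return True

    def narrow(self, new_policy: Policy) -> "Sandbox":
        """Move to a less-privileged zone. Only a subset of the current
        grants is accepted, so code inside the sandbox cannot re-grant
        itself anything it already gave up."""
        if not new_policy.is_subset_of(self.policy):
            extra = sorted((o.value, p)
                           for o, p in new_policy.grants - self.policy.grants)
            raise PermissionError(f"refusing to escalate to {new_policy.zone}: {extra}")
        return Sandbox(new_policy, self.audit)


# Constructed zones for a hypothetical upload-processing service.
LOADER = Policy("loader", frozenset({
    (Op.READ, "/etc/app/*"),
    (Op.READ, "/srv/uploads/*"),
    (Op.WRITE, "/srv/uploads/*"),
    (Op.EXEC, "/usr/bin/convert"),
}))
WORKER = Policy("worker", frozenset({
    (Op.READ, "/srv/uploads/*"),
    (Op.WRITE, "/srv/uploads/*"),
}))
# A "worker" policy that sneaks in network access; narrow() must refuse it.
ESCALATED = Policy("worker", frozenset({
    (Op.READ, "/srv/uploads/*"),
    (Op.CONNECT, "*:443"),
}))


def process_upload(path: str) -> dict:
    box = Sandbox(LOADER)
    box.request(Op.READ, "/etc/app/config.ini")  # only the loader zone needs config
    box = box.narrow(WORKER)                      # drop what conversion never needs
    box.request(Op.READ, path)
    box.request(Op.WRITE, path + ".out")

    denied = []
    for op, res in [(Op.EXEC, "/usr/bin/convert"),
                    (Op.READ, "/etc/app/config.ini"),
                    (Op.READ, "/srv/uploads/../../etc/app/config.ini"),
                    (Op.CONNECT, "attacker.example:443")]:
        try:
            box.request(op, res)
        except PermissionError:
            denied.append((op.value, res))

    try:
        box.narrow(ESCALATED)
        escalated = True
    except PermissionError:
        escalated = False
    return {"denied": denied, "escalated": escalated, "audit": box.audit}


if __name__ == "__main__":
    for entry in process_upload("/srv/uploads/a.png")["audit"]:
        print(entry)
```

Two design points carry the weight. First, the transition between zones
is monotonic: narrow() accepts only a subset of the current grants, which is
the property that makes a later compromise of the worker unable to recover
the loader's rights. Second, resources are canonicalized before the pattern
match; without that step the allowlist for /srv/uploads/* is satisfied by a
traversal string, which is exactly the kind of subtle issue the finer-grained
models mentioned above tend to introduce.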