Weaknesses in this category occur with improper enforcement of sandbox environments, or the improper handling, assignment, or management of privileges.
This category can strongly overlap with authorization errors.
Many of the following concepts require deeper study. Most privilege problems are not classified at such a low level of detail, and terminology is very sparse. Certain classes of software, such as web browsers and software bug trackers, provide a rich set of examples for further research. Operating systems have matured to the point that these kinds of weaknesses are rare, but finer-grained models for privileges, capabilities, or roles might introduce subtler issues.
A sandbox could be regarded as an explicitly defined sphere of control, in that the sandbox only defines a limited set of behaviors, which can only access a limited set of resources.
It could be argued that any privilege problem occurs within the context of a sandbox.