Trusted Solaris Administrator's Procedures

Passing Privileges to Another Program

A process executing a program that has no allowed privileges cannot use any privileges: it cannot put any privileges into its effective set, even if it inherits privileges from another trusted process. Such a process can, however, pass its inheritable privileges through to another program that it executes. That program might have allowed privileges and can therefore use the inheritable privileges. The pass-through works because the inheritable set of the process is not affected by the lack of allowed privileges on the program. The following figure shows the inheritance mechanism.

Figure 13-1 How an Unprivileged Program Can Pass On Privileges

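The pass-through described above, modeled as an added Python example (not part of the Trusted Solaris documentation). It models only the two rules stated in the text and leaves out forced privileges; the privilege names and program names are constructed samples.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Program:
    name: str
    allowed: frozenset  # allowed privilege set assigned to the executable


def trace_exec_chain(inheritable, chain):
    """Follow one process through successive exec calls.

    Returns a list of (program name, usable privileges, inheritable privileges).
    Rules modeled, both taken from the text:
      1. a privilege can enter the effective set only if the program allows it;
      2. the inheritable set passes through exec unchanged.
    """
    inheritable = frozenset(inheritable)
    steps = []
    for prog in chain:
        usable = inheritable & prog.allowed  # empty when nothing is allowed
        steps.append((prog.name, usable, inheritable))
    return steps


def programs_using(priv, steps):
    """Names of the programs in the chain that can actually use `priv`."""
    return [name for name, usable, _ in steps if priv in usable]


# Constructed sample: a trusted parent hands down two inheritable privileges.
TRUSTED_INHERITABLE = {"file_dac_read", "proc_setid"}
CHAIN = [
    Program("wrapper_script", frozenset()),                # no allowed privileges
    Program("backup_tool", frozenset({"file_dac_read"})),  # allows one privilege
]

if __name__ == "__main__":
    for name, usable, inh in trace_exec_chain(TRUSTED_INHERITABLE, CHAIN):
        print(f"{name:15} usable={sorted(usable)} passes_on={sorted(inh)}")
```

When reviewing privilege assignments, an intermediate program with no allowed privileges is therefore not a barrier: every later program in the exec chain must be checked against the full inheritable set.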