As much care must go into defining the privileges and access control settings appropriate for a command as goes into writing the command and designing its data. The discretionary access control and privilege mechanisms serve no purpose if these controls are not set correctly on the command and data files that a software package installs.
For example, if you simply assign all fixed privileges to a command at installation, you effectively exempt that command from every system control. A malicious user could exploit this to reach files and data the command's designers never intended it to touch.
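The following is an added example, not part of the original document, showing the kind of check a packager can run on a staged install tree before shipping it. It covers only the discretionary access settings (world-writable data files, set-user-ID and set-group-ID commands) that standard `find` can inspect; the fixed and inheritable privilege settings discussed in this section must be checked with the system's own privilege tools, which this example does not attempt. The directory layout, file names and modes below are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original document): audit a staged install
# tree for discretionary-access settings a package should not ship with.
# Everything under make_sample_tree is a constructed illustration.

# Print every regular file under $1 that is world-writable, set-user-ID
# or set-group-ID. Returns 1 if any such file exists, 0 otherwise.
audit_install_tree() {
    root=$1
    offenders=$(find "$root" -type f \
        \( -perm -0002 -o -perm -4000 -o -perm -2000 \) -exec ls -l {} \;)
    if [ -n "$offenders" ]; then
        printf '%s\n' "$offenders"
        return 1
    fi
    return 0
}

# Same test, but return the number of offending files instead of listing them.
count_offenders() {
    find "$1" -type f \( -perm -0002 -o -perm -4000 -o -perm -2000 \) | wc -l | tr -d ' '
}

# Build a constructed staging tree: one correctly installed command, one
# world-writable data file (anyone on the system could alter what the
# command reads), and one set-user-ID copy of the command that the package
# has not justified. Prints the tree's path.
make_sample_tree() {
    tree=$(mktemp -d)
    mkdir -p "$tree/usr/bin" "$tree/etc/pkg"
    printf '#!/bin/sh\necho ok\n' > "$tree/usr/bin/goodcmd"
    chmod 0755 "$tree/usr/bin/goodcmd"       # correct: executable, not writable by others
    printf 'setting=1\n' > "$tree/etc/pkg/config"
    chmod 0666 "$tree/etc/pkg/config"        # wrong: world-writable data file
    cp "$tree/usr/bin/goodcmd" "$tree/usr/bin/privcmd"
    chmod 4755 "$tree/usr/bin/privcmd"       # set-user-ID: must be deliberately justified
    printf '%s\n' "$tree"
}
```

Run `audit_install_tree` against the staging directory as the last step of the package build and fail the build on a non-zero return; an exception for a command that genuinely needs set-user-ID should be recorded next to the package's privilege assignments, not granted silently by the file mode.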
This section establishes principles upon which installation decisions can be made.