Why have fixed privileges?

The ability to specify fixed privileges is provided

• to allow certain system processes to run with fixed privileges needed to function as they did in previous releases

• to allow logins other than root to execute privileged commands if desired

• to allow applications programs to be written independent of any particular privilege policy module. Writing privileged applications is covered in ``Guidelines for writing trusted software''.

For example, various system and other processes (owned by unprivileged UIDs) use the ps command in a privileged manner to get the status of processes that are not owned by the same UID. These processes do not run set-UID to 0 and the set-UID-on-execution bit of ps is not set. Therefore, to be executed by non-UID 0 processes in a way that exercises privilege, ps must have the fixed privileges required to return the status of other processes placed upon it. When ps is executed, the privilege mechanism propagates the union of the maximum privileges of the parent process and the fixed privileges of ps to the new process. This new process now has the privileges necessary to get the information required.