Lines 187-193
To avoid this scenario, it is recommended that system calls updating the
Link Here
|
187 |
process credential be designed to avoid other authorization functions. |
187 |
process credential be designed to avoid other authorization functions. |
188 |
.Pp |
188 |
.Pp |
189 |
If temporarily elevated privileges are required for a thread, the thread |
189 |
If temporarily elevated privileges are required for a thread, the thread |
190 |
credential can by replaced for the duration of an activity, or for |
190 |
credential can be replaced for the duration of an activity, or for |
191 |
the remainder of the system call. |
191 |
the remainder of the system call. |
192 |
However, as a thread credential is often shared, appropriate care should be |
192 |
However, as a thread credential is often shared, appropriate care should be |
193 |
taken to make sure modifications are made to a writable credential |
193 |
taken to make sure modifications are made to a writable credential |
194 |
- |
|
|