|
Lines 187-193
To avoid this scenario, it is recommended that system calls updating the
Link Here
|
| 187 |
process credential be designed to avoid other authorization functions. |
187 |
process credential be designed to avoid other authorization functions. |
| 188 |
.Pp |
188 |
.Pp |
| 189 |
If temporarily elevated privileges are required for a thread, the thread |
189 |
If temporarily elevated privileges are required for a thread, the thread |
| 190 |
credential can by replaced for the duration of an activity, or for |
190 |
credential can be replaced for the duration of an activity, or for |
| 191 |
the remainder of the system call. |
191 |
the remainder of the system call. |
| 192 |
However, as a thread credential is often shared, appropriate care should be |
192 |
However, as a thread credential is often shared, appropriate care should be |
| 193 |
taken to make sure modifications are made to a writable credential |
193 |
taken to make sure modifications are made to a writable credential |
| 194 |
- |
|
|