System and method for changing abilities of a process
First Claim
Patent Images
1. A computer implemented method for changing the abilities of a process comprising:
- associating, by a process manager, each of one or more user-ids with a default set of privileges;
assigning to a process, by the process manager at process creation time, a default set of privileges based on the default set of privileges associated with a user-id of the one or more user-ids, wherein the user-id is an owner of the process;
executing the process, wherein the assigned default set of privileges comprises process abilities that the process is authorized to have while executing in an operating system;
receiving, at a system interface, a request from the process or from a different process to modify the assigned default set of privileges that was assigned to the process at process creation time; and
modifying, by the process manager, the assigned default set of privileges assigned to the process to become a sub-set of the assigned default set of privileges assigned to the process, wherein the modification is applied responsive to the request from the process or from the different process received by the system interface, and the modification to the assigned default set of privileges is applied during subsequent execution of the process wherein the subset of the assigned default set of privileges comprises process abilities that the process is authorized to have while executing in the operating system subsequent to the modification.
4 Assignments
0 Petitions
Accused Products
Abstract
A system and method wherein a set of privileges assigned to a process may be modified responsive to a request. The modification may apply to one or more abilities within the set of privileges and may be applied during execution of the process subsequent to the process creation time. Accordingly a process may be created with a default set of privileges and subsequently the privileges may be modified (e.g. to include a sub-set of the default privileges) thereby mitigating the risk of malicious exploitation of the process through attack.
-
Citations
25 Claims
-
1. A computer implemented method for changing the abilities of a process comprising:
-
associating, by a process manager, each of one or more user-ids with a default set of privileges; assigning to a process, by the process manager at process creation time, a default set of privileges based on the default set of privileges associated with a user-id of the one or more user-ids, wherein the user-id is an owner of the process; executing the process, wherein the assigned default set of privileges comprises process abilities that the process is authorized to have while executing in an operating system; receiving, at a system interface, a request from the process or from a different process to modify the assigned default set of privileges that was assigned to the process at process creation time; and modifying, by the process manager, the assigned default set of privileges assigned to the process to become a sub-set of the assigned default set of privileges assigned to the process, wherein the modification is applied responsive to the request from the process or from the different process received by the system interface, and the modification to the assigned default set of privileges is applied during subsequent execution of the process wherein the subset of the assigned default set of privileges comprises process abilities that the process is authorized to have while executing in the operating system subsequent to the modification. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 25)
-
-
12. A system for changing the abilities of a process comprising:
-
a processor; and memory comprising; a process manager configured to create the process and assign to the process a default set of privileges based on a default set of privileges associated with a user-id that is an owner of the process wherein the assigned default set of privileges comprises process abilities that the process is authorized to have while executing in an operating system; and a system interface configured to receive, from the process or from a different process, a request to modify the assigned default set of privileges that was assigned to the process at process creation time; wherein the process manager is further configured to modify the assigned default set of privileges assigned to the process to become a sub-set of the assigned default set of privileges assigned to the process during execution of the process, wherein the assigned default set of privileges is modified responsive to the system interface receiving the request to modify the assigned default set of privileges from the process or from the different process and the modification to the assigned default set of privileges is applied during subsequent execution of the process, wherein the subset of the assigned default set of privileges comprises process abilities that the process is authorized to have while executing in the operating subsequent to the modification. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
-
-
22. A non-transitory computer-readable storage medium encoded with computer executable instructions, the computer executable instructions executable with a processor to change the abilities of a process, the computer-readable storage medium comprising:
-
instructions executable to associate with each of one or more user-ids a default set of privileges; instructions executable to assign to a process, at process creation time, a default set of privileges based on the default set of privileges associated with a user-id of the one or more user-ids, wherein the user-id is an owner of the process; instructions executable to execute the process, wherein the assigned default set of privileges comprises process abilities that the process is authorized to have while executing in an operating system; instructions executable to receive at a system interface, a request from the process or from a different process to modify the assigned default set of privileges that was assigned to the process at process creation time; and instructions executable to modify the assigned default set of privileges assigned to the process to become a sub-set of the assigned default set of privileges assigned to the process, wherein the modification is applied responsive to the request from the process or from the different process received by the system interface, and the modification to the assigned default set of privileges is applied during subsequent execution of the process wherein the subset of the assigned default set of privileges comprises process abilities that the process is authorized to have while executing in the operating system subsequent to the modification. - View Dependent Claims (23, 24)
-
Specification