A program, device, or person is granted privileges not strictly required
to perform its function, and the excess privilege is exploited to gain
further privilege or otherwise attack the system. Examples include Unix
setuid programs that run as root when the task does not need it, so that
a flaw in the program hands the attacker unrestricted access; a systems
administrator granted too-flexible maintenance access to a network control
switch and thereby able to read need-to-know information they are not
authorized for; and user-programmable DMA devices reprogrammed to read or
write portions of memory that the programming user is not normally allowed
to access.
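The setuid example above, as an added illustration that is not part of the original entry: a setuid-root utility that opens a caller-chosen file while still running as root lets any invoker read any file on the system, whereas the same utility that permanently gives up the inherited privilege first lets the kernel apply the invoker's own access rights. The drop routine clears supplementary groups, sets the group ids before the user ids (the reverse order would fail), sets real, effective and saved ids together so the privilege cannot be regained later, and then verifies the result instead of trusting the calls. Function names and the sample path are the editor's own; the code assumes Linux and glibc for setresuid, setresgid and getresuid.

```c
#define _GNU_SOURCE            /* setresuid/setresgid/setgroups/getresuid on glibc */
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop the effective and saved uid/gid to the real ids of the
 * invoking user, so none of the inherited (e.g. setuid-root) privilege
 * survives into the rest of the program. Returns 0 on success, -1 on
 * failure; a caller that gets -1 must abort rather than continue with an
 * unknown privilege level. */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    uid_t old_euid = geteuid();
    uid_t u_r, u_e, u_s;
    gid_t g_r, g_e, g_s;

    /* Supplementary groups can only be cleared while still privileged. */
    if (old_euid == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* gid before uid: once the uid is gone the gid can no longer be changed. */
    if (setresgid(rgid, rgid, rgid) != 0)
        return -1;
    if (setresuid(ruid, ruid, ruid) != 0)
        return -1;

    /* Verify rather than trust: all three ids must now be the real ones. */
    if (getresuid(&u_r, &u_e, &u_s) != 0 || u_r != ruid || u_e != ruid || u_s != ruid)
        return -1;
    if (getresgid(&g_r, &g_e, &g_s) != 0 || g_r != rgid || g_e != rgid || g_s != rgid)
        return -1;
    /* If a different euid was held, regaining it must now be impossible. */
    if (old_euid != ruid && setresuid((uid_t)-1, old_euid, (uid_t)-1) == 0)
        return -1;
    return 0;
}

/* VULNERABLE pattern: opens a caller-supplied path while still running with
 * the effective uid inherited from the setuid bit. Installed setuid root,
 * this reads /etc/shadow for any invoker. */
int open_user_file_privileged(const char *path)
{
    return open(path, O_RDONLY);
}

/* HARDENED pattern: finish whatever genuinely needs root (nothing, for this
 * utility), give up the privilege for good, then open with the invoker's own
 * rights so the kernel's permission check does the enforcement. */
int open_user_file_as_invoker(const char *path)
{
    if (drop_privileges_permanently() != 0)
        return -1;
    return open(path, O_RDONLY);
}

int main(int argc, char **argv)
{
    char buf[256];
    ssize_t n;
    int fd;

    if (argc != 2) {
        fprintf(stderr, "usage: %s <file>\n", argv[0]);
        return 2;
    }
    fd = open_user_file_as_invoker(argv[1]);
    if (fd < 0) {
        fprintf(stderr, "%s: %s\n", argv[1], strerror(errno));
        return 1;
    }
    n = read(fd, buf, sizeof buf - 1);
    if (n > 0) {
        buf[n] = '\0';
        fputs(buf, stdout);
    }
    close(fd);
    return 0;
}
```

A temporary drop with seteuid() alone is not enough for this pattern: the saved uid still holds root, so any later flaw that reaches seteuid(0) gets it back. That is why the routine sets all three ids and then checks that the old effective uid can no longer be reacquired.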
Complexity: Determining whether a privileged program grants excessive
capabilities to an attacker appears, in general, to be as hard as proving
program correctness, which is undecidable for programs in general and at
least NP-hard even in the restricted cases where it is decidable, with
the cost growing rapidly with what has to be shown. Determining what
privileges a program should be granted, and what it actually has been
granted, may be somewhat easier, but no substantial analysis of this
problem has been published to date.
fc@red.a.net