1. Technical Field
The present invention relates to a system and method that controls the privileges that a child process receives from a parent process. More particularly, the present invention relates to a system and method that uses policies that can be customized to determine the privileges that the child process inherits from its parent.
2. Description of the Related Art
Operating system access control mechanisms are intended to protect programs and data from corruption, yet still allow sharing of system resources. These access control mechanisms attempt to support a broad range of authorization policies. While useful in limiting users and applications from accessing critical, or sensitive, processes and data, these access control mechanisms are implemented and largely fixed in an operating system. Today, large complex software applications, often with many layers and functions, execute on operating system. However, due to current operating system design, these applications are forced to use the same fixed privileges setup by the operating system. Privileges directed at a particular application are not supported.
In past generations, the operating system was the sole resource used by programs and processes for communication and synchronization. However, as mentioned above, very large application programs, such as IBM's Websphere™ application, are taking on responsibilities formerly performed exclusively by the operating system. As mentioned before, these large applications are forced to use the same set of privileges used by the operating system. Large, complex software applications, such as IBM's Websphere™, are increasingly being structured in terms of a base and a set of extensions which augment the functionality of the base. These complex applications often implement communication and synchronization activities between the base and the extensions without relying upon the operating system.
In addition to the increasing complexity and functionality of software applications, many current operating systems are no longer small, simplistic systems. Instead, current operating systems, even those running on a stand-alone workstations or personal computers, are often extremely complex. For this reason, associating the access control mechanism, such as privileges, solely with an operating system interface makes less sense today than in years past.
A misbehaving process generally has the potential to compromise the base system it extends because extensions are typically executed in the same address space and with the same privileges as the base and, therefore, have access to resources on which the base depends. Moreover, once compromised, a process having been granted operating system level privileges might wreck havoc on a system by abusing its privileges. This can either be in the form of processes that have bugs or logic errors that cause unforeseen difficulties to malevolent processes, such as viruses, that deliberately abuse and thwart access control mechanisms in order to disrupt, or even damage, the computer system.