One feature present in modern operating systems is a Common Information Model Object Manager (CIMOM). The CIMOM provides for a standardized way for processes to request changes to be made, perhaps to the operating system, perhaps to applications. The CIMOM determines the provider process that should handle the request, and forwards the request to that provider process.
A problem with this design is that sometimes the provider process runs in the same thread as the CIMOM interface. This means that the provider process receives the same user ID (UID) as the CIMOM. Since the CIMOM runs as a root process, the provider process also runs as a root process. But this means that the provider process is capable of making system changes. Since the provider process does not have any information about the process that requested the change, the provider process is capable of making changes to the system on behalf of a user who would ordinarily not have the authority to make such a change.
The invention addresses these problems and others in the art.