# Privilege revocation (computing)

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/Privilege_revocation_(computing)
> Markdown URL: https://mediated.wiki/source/Privilege_revocation_(computing).md
> Source: https://en.wikipedia.org/wiki/Privilege_revocation_(computing)
> Source revision: 1194400005
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

{{for|the legal term|Privilege revocation (law)}}
{{no footnotes|date=December 2008}}
'''Privilege revocation''' is the act of an entity giving up some, or all of, the [privileges](/source/privilege_(computing)) they possess, or some [authority](/source/authority) taking those (privileged) rights away.

== Information theory ==
Honoring the [Principle of least privilege](/source/Principle_of_least_privilege) at a granularity provided by the base system such as [sandbox](/source/Sandbox_(computer_security))ing of (to that point successful) attacks to an unprivileged user account helps in [reliability](/source/Reliability_engineering) of computing services provided by the system. As the chances of restarting such a process are better, and other services on the same machine aren't affected (or at least probably not as much as in the alternative case: i.e. a privileged process gone haywire instead).

== Computer security ==
In [computing security](/source/computing_security) ''privilege revocation'' is a measure taken by a [program](/source/Computer_program) to protect the [system](/source/System_software) against misuse of itself.

Privilege revocation is a variant of [privilege separation](/source/privilege_separation) whereby the program terminates the privileged part immediately after it has served its purpose. If a program doesn't revoke privileges, it risks the [escalation of privileges](/source/privilege_escalation).

Revocation of privileges is a technique of [defensive programming](/source/defensive_programming).

== References ==
*[https://web.archive.org/web/20080827164311/http://www.cesg.gov.uk/products_services/iacs/cc_and_itsec/media/protection-profiles/authpp.pdf Protection Profile for Privilege-Directed Content] Authoriszor Ltd, Ref: Auth_CC/PP/DES/01, Issue 1.3, 22 December 2000
*[http://alum.wpi.edu/~tfraser/Papers/timothy-fraser-2000-1.pdf LOMAC: Low Water-Mark Integrity Protection for COTS Environments] by Timothy Fraser

Category:Information theory
Category:Computer security procedures

---
Adapted from the Wikipedia article [Privilege revocation (computing)](https://en.wikipedia.org/wiki/Privilege_revocation_(computing)) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/Privilege_revocation_(computing)?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.
