: Core Security, Tampering
Compartmentalization is a high-level pattern that suggests breaking a task up into smaller processes. By itself it does not keep a compromise of one process from affecting the others, because the processes still communicate with each other. Distributing responsibility among processes reduces this exposure, but processes that share resources (the same user id, the same view of the file system) remain reachable from a compromised peer.
How can we design a system so that a compromise of one process does not affect the others?
Run the processes under separate least-privilege user ids, and run each one in a controlled environment with limited access to the file system. A successful exploit then yields only what that one process can reach. In UNIX, this is achieved by running the processes in a chroot jail: the process's root directory is changed to a directory that contains only the files it needs, so system files outside that directory can no longer be reached by path. The jail only holds once the process has given up root, since a root process inside a chroot can escape it; the usual sequence is therefore chdir into the jail, chroot, and then setgid/setuid to the unprivileged id before handling any untrusted input.
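As an added example (it is not from the catalog page and not Postfix's own code), the following C function is the startup sequence a UNIX daemon would run to apply this solution: enter the jail, drop to an unprivileged uid/gid, and verify that root cannot be regained. The jail path /var/empty/jailsvc and the account jailsvc in main() are hypothetical; the ownership check on the jail directory is a conservative practice, not a requirement of chroot itself.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Enter the chroot jail at `jail` and drop to the unprivileged uid/gid.
 * Returns 0 on success, -1 on failure with errno set. Must be called while
 * still root (chroot() requires it), before the daemon touches any input.
 */
int enter_jail(const char *jail, uid_t uid, gid_t gid)
{
    struct stat st;

    /* "Dropping" to root is not a drop: a jailed root process can escape the
       jail, so refuse instead of running one. */
    if (uid == 0 || gid == 0) {
        errno = EINVAL;
        return -1;
    }

    /* Conservative check (assumed good practice, not a chroot requirement):
       the jail must be a directory owned by root and not world-writable, so
       the jailed user cannot plant files at the jail root. */
    if (stat(jail, &st) == -1)
        return -1;
    if (!S_ISDIR(st.st_mode)) {
        errno = ENOTDIR;
        return -1;
    }
    if (st.st_uid != 0 || (st.st_mode & S_IWOTH)) {
        errno = EPERM;
        return -1;
    }

    /* chdir() into the jail first, then chroot(), then chdir("/"): chroot()
       changes the root but not the working directory, and a cwd left outside
       the new root is the classic way out of a jail. */
    if (chdir(jail) == -1)
        return -1;
    if (chroot(jail) == -1)
        return -1;
    if (chdir("/") == -1)
        return -1;

    /* Clear supplementary groups, set the gid, then the uid last (the
       group calls themselves still need root). */
    if (setgroups(0, NULL) == -1)
        return -1;
    if (setgid(gid) == -1)
        return -1;
    if (setuid(uid) == -1)
        return -1;

    /* Verify the drop is irreversible: regaining root must fail, and the
       real and effective ids must both equal the target. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid
        || getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Hypothetical service account and jail directory; a real daemon would
       use its own. The jail holds only the files the service reads. */
    const char *jail = "/var/empty/jailsvc";
    struct passwd *pw = getpwnam("jailsvc");

    if (pw == NULL) {
        fprintf(stderr, "no such user: jailsvc\n");
        return 1;
    }
    if (enter_jail(jail, pw->pw_uid, pw->pw_gid) == -1) {
        fprintf(stderr, "enter_jail(%s) failed: %s\n", jail, strerror(errno));
        return 1;
    }
    /* From here on "/" is the jail and the process cannot regain root. */
    printf("running as uid %u with root %s\n", (unsigned)getuid(), jail);
    return 0;
}
```

Every path the process opens afterwards is resolved under the jail, so the jail must contain whatever the service legitimately needs and nothing setuid-root. Note what chroot does not do: it does not constrain network access or other system calls; it is a file-system boundary, and the separate unprivileged user id is what makes it hard to leave.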
Postfix is a known use: only its master process runs as root, the other daemons run under a dedicated unprivileged user id, and most of them can additionally be run inside a chroot jail, selected per service by the chroot field in master.cf.
Hafiz et al.
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz