Basic inheritance

Inheritance of an allowed ability is typically considered insecure, unless the ability is explicitly required by forked or spawned child processes. When granting procmgr abilities, in most scenarios you should use the PROCMGR_AOP_INHERIT_NO flag.

Here's a simple example of potentially insecure inheritance, caused by the combination of PROCMGR_AOP_ALLOW and PROCMGR_AOP_INHERIT_YES. If your program must do this, make sure the child doesn't inherit any procmgr abilities that it doesn't really need.

procmgr_ability(0,
                PROCMGR_ADN_NONROOT // Non-root domain
                  | PROCMGR_AOP_ALLOW // Allow the ability
                  | PROCMGR_AOP_INHERIT_YES // Inheritance
                  | PROCMGR_AID_SPAWN_SETUID, // Specified ability
                PROCMGR_AID_EOL // End of ability list.
);

The following code is more secure because the child inherits the denied setting for the ability, due to the combination of PROCMGR_AOP_DENY and PROCMGR_AOP_INHERIT_YES:

procmgr_ability(0,
                PROCMGR_ADN_NONROOT // Non-root domain
                  | PROCMGR_AOP_DENY // Deny the ability
                  | PROCMGR_AOP_INHERIT_YES // Inheritance
                  | PROCMGR_AID_SPAWN_SETUID, // Specified ability
                PROCMGR_AID_EOL // End of ability list.
);