Setuid Culling We used to ship with approx 40 setuid binaries We now ship with about 8 of consequence that means "they still scare me a bit" chfn, login, passwd, rsh, su, sudo, lockspool, authpf Most of these are about 50 - 300 lines of code This was done by using more groups new user id's a fair amount of code rewrite We also managed to get rid of numerous setgid programs