Privilege Seperation Setuid programs or daemons Setup objects that require privilege SOCK_RAW, pty, reserved port Fork process Jail one process -- the complicated one Other process remains root, stays outside The two communicate over a socket Includes: sshd X server (and xdm) xconsole We are investigating seperation in httpd, ftpd, isakmpd