Reducing Privilege Attacks on setuid programs or daemons are supposed to escalate privilege Can we reduce the amount of privilege that privileged programs have? Yes -- using Privilege Revocation ... ping, ping6, portmap rpc.rstatd, rpc.rusersd traceroute, traceroute6 rwalld, pppd, spamd, authpf ftpd, named, httpd .. and Privilege Separation sshd, syslogd, pflogd, isakmpd X server, xterm xdm, xconsole But first we need some new uid's and gid's ...