Privilege Separation 


Separation:

1.    Set up objects that require privilege
2.    Set up a socketpair(), then fork()
3a.  Large process chroots to jail, then revokes privs
3b.  Little process retains privs
4.    Perform most tasks in large process
      Asking little process to do jobs that require privilege

Requires complicated and very detailed programming

sshd, syslogd, pflogd, isakmpd, bgpd, tcpdump, named
X server, xdm, dhclient, ntpd






Very difficult to develop