Privilege separation Part of a routing daemon must be run as root but not all of it. Divide problem into separable subproblems.