Privilege Revocation Revocation: 1. Use privs to allocate nasty resource ie. SOCK_RAW, reserved port, bpf, /dev/pf, utmp... 2. Use chroot() if possible 3. Revoke privs Doable in simple programs ping, ping6, portmap, rpc.rstatd, rpc.rusersd, pppoe traceroute, traceroute6, rwalld, pppd, spamd, afsd authpf, ftpd, tftpd, httpd, dhcpd, mopd, rbootd