
Privilege Separation 


Separation:

1.    Set up objects that require privilege
2.    Set up a socketpair(), then fork()
3a.  Large process chroots to jail, then revokes privs
3b.  Little process retains privs
4.    Perform most tasks in large process
      Asking little process to do jobs that require privilege

We are still investigating separation in httpd and isakmpd 

Requires complicated and very detailed programming

sshd, syslogd, pflogd, isakmpd
X server, xterm
xdm, xconsole

Very difficult to develop

