
$BFC8"J,N%(B (privilege separation)


$BJ,N%(B :

1. $BFC8"$rI,MW$H$9$k%*%V%8%'%/%H$r@_Dj$9$k(B
2. socketpair()$B!"<!$K(B fork() $B$9$k(B
3a. $BBg$-$J%W%m%;%9$O(B chroot jail $B$K@_Dj$7!"FC8"$rL58z$K$9$k(B
3b. $B>.$-$J%W%m%;%9$O(B $BFC8"$rJ];}$9$k(B
4. $BBg$-$J%W%m%;%9$GBgItJ,$N%?%9%/$r<B9T$9$k(B
$B>.$-$J%W%m%;%9$GFC8"$rI,MW$H$9$k%8%g%V$r<B9T$9$k(B

httpd $B$H(B isakmpd $B$K$*$1$kJ,N%$K$D$$$F$O8&5fCf(B

$BJ#;($+$DHs>o$K>\:Y$J%W%m%0%i%_%s%0$,I,MW(B

sshd, syslogd, pflogd, isakmpd
X server, xterm
xdm, xconsole

$B3+H/$,Hs>o$K:$Fq(B

