Extended Security Systrace kernel system call interception policy files per binary (ie bin_ksh) allows for privilege elevation (permit-as) comparison of arguments, user/group id PrivSep splits single executable into two pieces parent runs as root, child as non-root user combined with chroot(), minimizes exposure OpenSSH, X, Apache, ISAKMPD (-current) Few SetUID root applications many systems audited combined with permissions and setgid, reduce root code or revoke privilege Extendable, configurable