Privilege Separation

- privilege revocation not always an option
- how about one privileged and one unprivileged process?
- unpriv does all the work
- unpriv asks the privileged one for actions that require privs
- priv checks requests thoroughly and kills unpriv if things are weird
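The request channel between the two processes, as an added example that is not part of the original slides: the parent stands in for the privileged process, validates each request from the child over a socketpair, and kills the child on anything unexpected. `REQ_BIND`, `struct req`, `request_ok` and `run_privsep` are hypothetical names, and the privilege drop and the privileged action are marked by comments only, since they need root.

```c
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

enum { REQ_BIND = 1 };                    /* hypothetical: the only request type allowed */
struct req { uint32_t type; uint32_t arg; };   /* arg = port the child wants bound */

/* Privileged side: accept only the exact request shape it expects. */
static int request_ok(const struct req *r, ssize_t n) {
    return n == (ssize_t)sizeof(*r) && r->type == REQ_BIND && r->arg > 0 && r->arg < 1024;
}

/* Unprivileged side: does the work, asks the parent when it needs privileges. */
static void child_main(int fd, uint32_t type) {
    /* a real child would chroot and setuid to an unprivileged user here */
    struct req r = { type, 25 };
    int reply;
    if (write(fd, &r, sizeof(r)) != (ssize_t)sizeof(r)) _exit(2);
    if (read(fd, &reply, sizeof(reply)) != (ssize_t)sizeof(reply)) _exit(2);
    _exit(0);
}

/* Returns 0 if the request was served, 1 if the child was killed, -1 on error. */
int run_privsep(uint32_t type) {
    int sv[2], status, reply = 0, weird;
    struct req r = { 0, 0 };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { close(sv[0]); child_main(sv[1], type); }
    close(sv[1]);
    ssize_t n = read(sv[0], &r, sizeof(r));
    weird = !request_ok(&r, n);
    /* the privileged action (e.g. the bind) would be performed here if !weird */
    if (!weird && write(sv[0], &reply, sizeof(reply)) != (ssize_t)sizeof(reply)) weird = 1;
    if (weird) kill(pid, SIGKILL);        /* weird request: no reply, no second chance */
    close(sv[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (weird) return 1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void) {
    printf("valid request -> %d\n", run_privsep(REQ_BIND));
    printf("weird request -> %d\n", run_privsep(99));
    return 0;
}
```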