Implementation: Privilege Separation


very important: very very very strict validity checks upon receival of the messages - the unprivileged client is untrusted

if something is wrong with a message from the unprivilged process, fail immediately and hard - exit, without ever talking to the client again