Privilege Separation

Implementation is possible on almost any Unix. Processes are protection domains in Unix: the OS protects the address space of a process from manipulation and control by unrelated users.

Split the application into parts:
- Privileged monitor
- Unprivileged slaves
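The monitor/slave split in C, as an added example that is not code from the original page: the parent stays privileged and answers one narrow request type over a socketpair, while the forked child drops root before doing anything else. The names `privsep_run`, `REQ_AUTH`, `REQ_READ_KEY` and the id 65534 for "nobody" are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE              /* for setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define UNPRIV_ID 65534              /* assumption: uid/gid of "nobody" */
enum { REQ_AUTH = 1, REQ_READ_KEY = 2 };  /* hypothetical request types */

/* Unprivileged slave: give up root for good, then ask the monitor. */
static void slave(int fd, int req) {
    int ok = 0;
    if (geteuid() == 0) {            /* nothing to drop unless started as root */
        if (setgroups(0, NULL) || setgid(UNPRIV_ID) || setuid(UNPRIV_ID) ||
            setuid(0) == 0)          /* root must not be regainable */
            _exit(2);                /* never continue with privileges intact */
    }
    if (write(fd, &req, sizeof req) != sizeof req ||
        read(fd, &ok, sizeof ok) != sizeof ok)
        _exit(2);
    _exit(ok ? 0 : 1);
}

/* Privileged monitor: validate one request; refuse all but REQ_AUTH. */
static int monitor(int fd) {
    int req = 0, ok;
    if (read(fd, &req, sizeof req) != sizeof req) return -1;
    ok = (req == REQ_AUTH);
    return write(fd, &ok, sizeof ok) == sizeof ok ? ok : -1;
}

/* Returns 1 if the monitor granted the request, 0 if refused, -1 on error. */
int privsep_run(int req) {
    int sp[2], status, granted;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { close(sp[0]); slave(sp[1], req); }
    close(sp[1]);
    granted = monitor(sp[0]);
    close(sp[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 2 ? -1 : granted;
}

int main(void) {
    printf("auth=%d read_key=%d\n", privsep_run(REQ_AUTH), privsep_run(REQ_READ_KEY));
    return 0;
}
```

The slave can only influence the monitor through the messages it sends, so the monitor's request validation is the whole trust boundary.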