It's not often talked about when hardening, but capabilities are an up-and-coming, arguably better, way of handling Privilege Escalation/Reduced Privileges.
Although Linux support is pretty low (AFAIK), I think it is something we (read: I) should look at.
-Apple 18:33, 27 November 2010 (CET)
I started looking into caps more myself. Windows has a capabilities-like mechanisms. Capabilities, though, at least the Linux implementation are based on a obsoleted POSIX specification draft or something like that. So in the greater ecosystem, I'm not sure how well supported they are. I'd encourage looking into them though and writing about them. Several packages have the
caps USE flag.
Brantgurga 06:49, 28 November 2010 (CET)