• Non-executable user stack area • Restricted /proc /tmp • Same randomness features as OpenBSD • Stop Breaking a chroot() jail • An enhanced implemetation of Trusted Path Execution • ACL system and PAX