Setuid programs are often exploited by malicious attackers to obtain unauthorized access to local systems. Setuid programs, especially those owned by the root user, are granted root privileges, so attackers can gain root privileges by exploiting vulnerabilities in setuid-root programs. The vulnerabilities usually lie in code that does not require root privileges. Nevertheless, the entire code of a setuid-root program is granted root privileges. This paper presents a scheme called privileged code minimization that reduces the risk to setuid programs. In this scheme, setuid-root programs are divided into privileged code and non-privileged code. Privileged code is granted root privileges, while non-privileged code is not. This scheme reduces the size of the trusted computing base (TCB) because it reduces the amount of code running with root privileges, which in turn reduces the chances of attackers gaining root privileges by subverting setuid programs. Protection between privileged code and non-privileged code ar...