Systrace

This can mitigate the effects of buffer overflows and other security vulnerabilities.

It was developed by Niels Provos and runs on various Unix-like operating systems.

Systrace is particularly useful when running untrusted or binary-only applications and provides facilities for privilege elevation on a system call basis, helping to eliminate the need for potentially dangerous setuid programs.

It was removed from NetBSD at the end of 2007 due to several unfixed implementation issues.

As of version 1.6f Systrace supports 64-bit Linux 2.6.1 via kernel patch.