This document discusses guidelines for securely writing privileged programs. It recommends operating with least privilege by dropping privileges when they are not needed and reacquiring them only as required. It also recommends confining the process using capabilities or chroot jails, being careful of signals and race conditions, avoiding buffer overflows, and checking return values of system calls. The overall aim is to minimize the chances of a privileged program being subverted and to minimize potential damage if subversion occurs.