In "Using Oracle Solaris 10 to Overcome Security Challenges," Mark Thacker describes how Oracle Solaris 10 uses the principle of least privilege to reduce the vulnerabilities of applications that perform privileged operations as root.
"Over 65 discrete, fine-grained privileges are built into the kernel and user access space. The concept of privileges as implemented in Oracle Solaris 10 is extended throughout the operating system — even the built-in tools take these rights and privileges into account. Using this approach, administrators can grant new or existing applications only the appropriate privileges necessary to perform tasks. Many system components such as NFS, the Oracle Solaris Cryptographic Framework, IP Filter, file system mount commands, and more, are already configured to run with reduced privileges by default, with no configuration required by the administrator."
Mark goes on to provide clear explanations of how the following Solaris 10 security features work:
This article is clear, easy to understand, and does a great job of explaining exactly how an admin can use the security tools of Solaris 10 to protect and certify an operating environment. It also includes a solid list of security resources.
I found the picture of the bull in this BBC story.