Subject: Re: Emulation: selecting emulation root at runtime?
To: None <current-users@NetBSD.org>
From: Alan Barrett <apb@cequrux.com>
List: current-users
Date: 08/27/2007 20:33:33
On Mon, 27 Aug 2007, David Laight wrote:
> If the user has write access to any executable filestore, then allowing
> the 'emulation root' of a process to be user settable shouldn't be an issue
> (apart from suid executables).

Sure, but proving that no exploitable suid executables are or ever will
be accessible from inside the emulation root is a lot of work -- much
more work than is reasonable to expect from a syscall or sysctl call.

In case you don't see the necessity for such a proof: consider a suid
copy of /usr/bin/su inside the emulation root, reading insecure versions
of /etc/passwd and friends from inside the emulation root.

--apb (Alan Barrett)
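An added illustration of the concern raised in the message above, not code from this thread or from NetBSD: a constructed user-space model of emulation-root path lookup in which a root supplied by an unprivileged user is ignored for set-id processes, so a suid binary keeps reading the native /etc/passwd. The fake filesystem, the function names and the origin flag are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define EMUL_PATH_MAX 256

/* Who supplied the emulation root: the system (trusted) or the user. */
enum emulroot_origin { EMULROOT_SYSTEM, EMULROOT_USER };

/* Constructed fake filesystem: the only paths that "exist". */
static const char *const present[] = {
    "/emul/linux/etc/passwd",          /* system-installed emulation copy */
    "/etc/passwd",                     /* native file */
    "/home/user/fakeroot/etc/passwd",  /* user-writable copy */
    NULL,
};

static bool path_exists(const char *p)
{
    for (size_t i = 0; present[i] != NULL; i++)
        if (strcmp(present[i], p) == 0)
            return true;
    return false;
}

/* Resolve 'path': try under the emulation root first, then natively.
 * Returns 1 if found under the root, 0 if found natively, -1 if absent.
 * A user-supplied root is ignored for set-id processes; without this
 * guard a suid su would read /etc/passwd from a user-controlled tree. */
int emul_resolve(const char *emulroot, enum emulroot_origin origin,
                 bool proc_is_setid, const char *path,
                 char *out, size_t outlen)
{
    bool root_usable = emulroot != NULL &&
                       !(origin == EMULROOT_USER && proc_is_setid);
    if (root_usable) {
        int n = snprintf(out, outlen, "%s%s", emulroot, path);
        if (n > 0 && (size_t)n < outlen && path_exists(out))
            return 1;
    }
    int n = snprintf(out, outlen, "%s", path);
    return (n > 0 && (size_t)n < outlen && path_exists(out)) ? 0 : -1;
}

/* Test helper: result code of emul_resolve, or -2 if the resolved
 * path differs from 'expected' (expected may be NULL for "not found"). */
int resolves_to(const char *emulroot, enum emulroot_origin origin,
                bool setid, const char *path, const char *expected)
{
    char buf[EMUL_PATH_MAX];
    int rc = emul_resolve(emulroot, origin, setid, path, buf, sizeof buf);
    if (rc < 0)
        return expected == NULL ? rc : -2;
    return strcmp(buf, expected) == 0 ? rc : -2;
}
```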