Subject: Re: chroot: why super-user only?
To: David Young <dyoung@pobox.com>
From: Joel Wilsson <joelw@unix.se>
List: tech-kern
Date: 01/27/2003 21:09:08
On Monday, January 27, 2003, at 07:52  pm, David Young wrote:
>   It is a problem in UNIX that a program runs with all the privileges of
>   the user who runs it, privileges to read/write files and devices, to
>   bind sockets, to occupy slots in the process table, and to use the CPU.
>   Chroot is an imperfect way to reduce privileges.

and ...

>   In UNIX, processes are ordinarily trusted to
>   exercise a tiny number of countless privileges. Most security exploits
>   are taking advantage.

Makes me think you want systrace, but perhaps I'm missing something.
Seems like it can solve most, if not all, of your (quite justified)
worries.

//joelw