In message <4390521C.9090707@NetBSD.org>, Elad Efrat writes:
>
>Can you give me an example of a root-owned process inside a chroot()?
>most, if not all examples of chroot() usage I know make sure to drop
>root privileges.
>

ntpd.  ftpd has to run as root part of the time, to bind to port 20.  
apache keeps a portion of itself as root; suexec, if you use it (and 
you probably should), always runs as root.

Elad, you've given your reasons why using sysctl isn't a problem.  What 
you haven't said clearly enough for me is why it's an advantage.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb