Subject: Re: chroot: why super-user only?
To: David Young <dyoung@pobox.com>
From: Joel Wilsson <joelw@unix.se>
List: tech-kern
Date: 01/27/2003 21:09:08
On Monday, January 27, 2003, at 07:52 pm, David Young wrote:
> It is a problem in UNIX that a program runs with all the privileges of
> the user who runs it, privileges to read/write files and devices, to
> bind sockets, to occupy slots in the process table, and to use the CPU.
> Chroot is an imperfect way to reduce privileges.
and ...
> In UNIX, processes are ordinarily trusted to
> exercise a tiny number of countless privileges. Most security exploits
> are taking advantage.
Makes me think you want systrace, but perhaps I'm missing something.
Seems like it can solve most, if not all, of your (quite justified)
worries.
//joelw