Subject: extending chroot()
To: None <tech-security@netbsd.org>
From: Steve Bellovin <smb@research.att.com>
List: tech-security
Date: 01/16/2003 16:08:57
I'd like to be able to "jail" various untrusted applications, such as 
my netbrowser.  Chroot() is the obvious choice, but it requires root 
privileges.  However -- suppose we changed chroot() so that it didn't 
require root, but if executed by a non-root process, setuid and setgid 
would not be honored.  More precisely, we change the code in 
exec_script and kern_exec that checks the setuid/setgid bits; if 
cwdi_rdir is non-null, don't honor those bits.

Comments?  (I wish that socket() went through the file system, so that 
I could restrict network access that way, too.)

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)