I've been considering an AST manipulation approach to security lately; substack used this approach to provide consistent stack traces in any browser.
https://github.com/substack/node-stackedy

It would allow child processes because you could ensure that whenever node starts it instruments the code with the right permissions. I haven't tried this yet though, it could work. The *right* way is surely OS level though, as there is hardware support for virtualization at that level.

On Fri, Aug 3, 2012 at 9:23 PM, Bradley Meck <bradley.m...@gmail.com> wrote:
> If you do use chroots as jails, beware of chroot jail breaking using fd
> exploits and other techniques. Ensure your user is still non-privileged on
> the filesystem as appropriate.