> All of a sudden, the very presence of those sockets means not just
> that a component A running in chroot Ca, with uid Ua, can pass _data_
> to a component B running in chroot Cb, with uid Ub -- which was part
> of the design -- but that it can enable B to run new code that was
> formerly not available at all in Cb (because all memory and
> filesystems available to processes in Cb are either read-only, or
> executable, but not both).

It always could, just not with exec()-family calls. Did you read the
points you didn't quote about script interpreters and VMs?

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mo...@rodents-montreal.org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B