27 Dec
2008
27 Dec
'08
11:41 p.m.
On Sat, Dec 27, 2008 at 8:01 PM, Jeremy Shaw
The problem with that function is that chroot affects the root of the whole process.
Yeah. Maybe you want privilege separation. Instead of starting a thread to do the stuff that requires extra authority, make it a separate program and communicate with it with some simple protocol. qmail might be good to look at to get the intuition. You say you can only pass data and get back return codes, but really, you can send and receive whatever you want if the other process does I/O via a UNIX domain socket or something like that.