This depends on what issues you are refering to. The two
(semi-serious) problems that Marcus pointed out wrt to passive
translators and firmlinks can be solved. As was pointed out by
Bushenell, and someone else.
I would like to see these solutions.
Could someone please show them to me?
The major problem was that one could use firmlinks to escape a chroot.
The solution to that is to simply not use chroot, and use what was
specifically designed for the task, namley sub-hurds.
The problem with sub-hurd's was that they provided a very secure
enviroment, and that you could not share devices between the sub-hurd
and the currently running system. The purposed solution for that was
to have a special way to selectivley open holes (much like a network
firewall) to the underlying system.
