The major problem was that one could use firmlinks to escape a chroot.
The solution to that is to simply not use chroot, and use what was
specifically designed for the task, namley sub-hurds. Can you find, and show me, messages or text where this approach was written up in more detail?
