Slashdot has an article on “when not to use chroot” which links to a KernelTrap discussion. The basic summary is that there is a UNIX command, chroot, that changes the root (top-level) directory to somewhere else, and it is useful for several sysadmin tasks, including “jailing” programs by making sure they can’t see anything other than the files they need in order to run.
I’ve used chroots several times to fix systems with bad kernels. I’ve used chroots to compile Debian software. I’ve used them to bootstrap system installs. And I’ve used them, in fact continue to use them, even as we speak, for security. And I like to think that I’m not incompetent.
In any endeavor there are people with different levels of skill. I know that I’m not on top in terms of Linux expertise — there are people who were doing Linux before I even had a computer. But I do cringe when I see this sort of ridiculous blanket criticism of a commonly used implementation of a versatile tool. So Bill Joy invented chroots in the 70s because he was having problems with some compiler. Who cares. Today many important programs use or support chroots for improved security, and they do it because it works. So why the need to call people who use tools in effective ways idiots, just because they aren’t using something as it was originally intended?
That sounds like the sort of thing an Apple CEO should say, not an open-source kernel hacker. It’s sort of sad, really. Meanwhile, I have two dozen Apaches humming away, safely jailed in their own chroots, serving up web pages as they have been doing for the last year and a half.