On 8 Jul 2011, at 19:08, Brian Reichert wrote:
> On Fri, Jul 08, 2011 at 07:42:12AM +0400, Ilya Bakulin wrote:
>> The question is: which applications should also be processed? I think
>> that the most wanted candidates are SUID programs and/or popular network
> I propose 'man'; sneaky stuff can happen there....
> Dunno if that meshes with your focus on servers, though...
This seems like a perfect example of something that wants to be sandboxed, especially in a post-nroff mandoc world where a single C binary can be sandboxed.