One way to limit the damage caused by a daemon with an exploited security hole is to run it in a "jail", a chrooted environment. An example is DNS: http://www.homeport.org/~adam/dns.html
The same mechanism could be used with several other daemons which do not need to access files outside their running directory (e.g. xntpd). Some daemons need such access in some configurations and not in others; for example, apache can be run this way if you don't need user home directories. There are disadvantages: duplicated libraries take disk and memory space as they are not shared, limitations like the one above, etc., but I still think this could be an option for some security-conscious sites. Some generic support could be included in /sbin/start-stop-daemon (--run-chrooted-in?), but I guess some policy discussions would be in order. -Topi
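As an added illustration (editor's example, not code from the post or from Debian), the following POSIX shell script builds the kind of minimal jail the post describes and starts the daemon inside it. It assumes the daemon is a single dynamically linked binary, that `ldd` is available to list its shared libraries, and that an unprivileged host account (here defaulting to `daemon`) exists; the jail path and function names are the example's own. Two caveats a practitioner should keep in mind: a process that keeps root inside a chroot can break out of it, so the daemon must drop to an unprivileged user, and the jail should hold nothing beyond the binary, its libraries and a stub `/etc/passwd` (no shell, no setuid binaries). For the start step the example uses dpkg's `start-stop-daemon` `--chroot` and `--chuid` options, which is close to the generic support the post asks about.

```shell
#!/bin/sh
# Build a minimal chroot jail for one daemon binary and start it there.
# Editor's example; jail layout, names and defaults are assumptions.
set -e

# Print the absolute paths of the shared objects listed in `ldd` output
# read from stdin. ldd produces three line shapes:
#   libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x...)  -> field 3
#   /lib64/ld-linux-x86-64.so.2 (0x...)                    -> field 1
#   linux-vdso.so.1 (0x...)   (kernel-provided, no file)   -> skipped
# "statically linked" / "not a dynamic executable" match nothing.
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//              { print $1 }'
}

# Copy one file into the jail at the same absolute path it has outside,
# creating parent directories. Plain cp keeps the execute bit.
jail_copy() {
    jail=$1
    src=$2
    mkdir -p "$jail$(dirname "$src")"
    cp "$src" "$jail$src"
}

# Populate $jail with the binary, the libraries ldd reports for it, an
# /etc/passwd naming only root and the account the daemon runs as, and
# (when root) a /dev/null. Nothing else goes in: no shell, no setuid
# binaries, no writable directories beyond the daemon's own.
build_jail() {
    jail=$1
    bin=$2
    user=${3:-daemon}   # unprivileged account the daemon is started as
    mkdir -p "$jail/etc" "$jail/dev" "$jail/var/run"
    jail_copy "$jail" "$bin"
    # ldd fails on static binaries; that just means there is nothing to copy.
    ldd "$bin" 2>/dev/null | ldd_paths | while read -r lib; do
        jail_copy "$jail" "$lib"
    done
    uid=$(id -u "$user" 2>/dev/null || echo 65534)
    printf 'root:x:0:0:root:/:/bin/false\n%s:x:%s:%s:%s:/var/run:/bin/false\n' \
        "$user" "$uid" "$uid" "$user" > "$jail/etc/passwd"
    if [ "$(id -u)" -eq 0 ] && [ ! -c "$jail/dev/null" ]; then
        mknod -m 666 "$jail/dev/null" c 1 3 \
            || echo "warning: could not create $jail/dev/null" >&2
    fi
}

# Start the daemon inside the jail as an unprivileged user. Requires root
# for chroot(2); start-stop-daemon chroots first and then changes uid, so
# the process never runs as root inside the jail. The binary sits at the
# same absolute path inside and outside, so --exec resolves either way.
run_jailed() {
    jail=$1
    bin=$2
    user=${3:-daemon}
    start-stop-daemon --start --chroot "$jail" --chuid "$user" --exec "$bin"
}

# Usage (as root): build_jail /var/jail/ntp /usr/sbin/xntpd ntp
#                  run_jailed /var/jail/ntp /usr/sbin/xntpd ntp
```

Any configuration file the daemon reads (for xntpd its ntp.conf, for a DNS server its zone files) has to be copied into the jail as well, at the path the daemon expects relative to the new root; the script above only handles the binary and its libraries.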