Ok, I see, seems like the kernel(s) should forbid to use the chroot
syscall again if a process has already a changed root. :-) Or better
maybe introduce a chroot capability? Hmmm.. there IS a chroot
capability in linux2.4 as listed in include/linux/capability.h! So it
seems at least under linux you could plug that hole.