ERRATA: Molding Sand: Shaping Permissions of Processes
======================================================

Slide 17: setgroups(2)
----------------------
The code example lacks a call to the setgroups(2) system call, as
otherwise the group vector remains the same.

Slide 19: chroot(2)
-------------------
I might have been a little bit too overprecautions in the
recommendation of chroot(2), mainly because I have heard some horror
stories during the time I have learned all of these concepts and the
fact that there exist much stronger APIs by now.

It seems that a chroot(2) to an empty directory followed by a
chdir("/") is fine.