diff -ruN nchat-3.2pre7/makefile.lnx nchat-3.2pre7-drt/makefile.lnx
--- nchat-3.2pre7/makefile.lnx	Tue Mar 21 03:08:41 2000
+++ nchat-3.2pre7-drt/makefile.lnx	Sun Apr  2 13:03:40 2000
@@ -5,22 +5,25 @@
 # -DI_AM_STUPID         if you want to run nchat as root (not advised :)) 
 # -DINET_ATON           if you don't have inet_aton 
 # -DARCH_IS_BIG_ENDIAN  by default it is assumed your machine is big
-#                       endian, if its not you must set this to 0,
-#                       otherwise password authentication will fail
+#                       endian (e.g. PPC), if its not (e.g. x86) you must set
+#                       this to 0, otherwise password authentication will fail
+# -DPARANOIA            if you want to drop privileges in a daemontools like
+#                       manner. After binding to our socket nchat will 
+#                       chgid to $GID, chuid to $UID and chroot to $ROOT
 ###############################################################################
 
 include config.h
 
 CFLAGS = -Wall -ggdb -g3 -DHAVE_VSNPRINTF -DBASE_DIR=\"$(BASE_DIR)\" \
-         -DARCH_IS_BIG_ENDIAN=0
+         -DARCH_IS_BIG_ENDIAN=1 -DPARANOIA
 CC = gcc
 
 all: nchat userdb
 
 nchat: nchat.o socket.o node.o user_edit.o ansi.o ban.o commands.o \
-       class.o md5.o news.o mail.o
+       class.o md5.o news.o mail.o sectools.o
 	$(CC) -o nchat nchat.o node.o socket.o user_edit.o ansi.o ban.o \
-	commands.o class.o md5.o news.o mail.o
+	commands.o class.o md5.o news.o mail.o sectools.o
 nchat.o: nchat.c nchat.h
 	$(CC) $(CFLAGS) -c nchat.c
 socket.o: socket.c nchat.h
diff -ruN nchat-3.2pre7/nchat.c nchat-3.2pre7-drt/nchat.c
--- nchat-3.2pre7/nchat.c	Tue Mar 21 03:08:41 2000
+++ nchat-3.2pre7-drt/nchat.c	Sun Apr  2 13:21:18 2000
@@ -2,6 +2,8 @@
  * NexusChat Linux Server [ the Next Chat ]
  * Copyright (c) 1998-99 by Bryan Burns 
  *
+ * chrooting 000402 drt(at)ailis.de
+ *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
  * as published by the Free Software Foundation; either version 2
@@ -24,6 +26,9 @@
 #include "socket.h"
 #include "ansi.h"
 #include "class.h"
+#ifdef PARANOIA
+  #include "sectools.h"
+#endif
 
 int main( int argc, char **argv ) {
    struct sockaddr_in clientAddr;
@@ -33,12 +38,14 @@
    short r;
    
 #ifndef I_AM_STUPID
+#ifndef PARANOIA
    /* don't run as root */
    if( geteuid() == 0 ) {
       if(quiet == 0) fprintf( stderr, "%s: won't run as root\n", argv[0] );
       return -1;
    }
 #endif
+#endif
 
    /* set server defaults */
    set_defaults();                              
@@ -55,6 +62,13 @@
    load_classes();                       /* load class tables */
    ban_read_list(&ban_list, BAN_FILE);   /* load ip bans */
    init();                               /* initialize daemon socket and listen */
+#ifdef PARANOIA
+   if ( quiet == 0 ) {
+      printf( "# Dropping root...");
+   }
+   droproot(argv[0]);
+   printf( "done\r\n");
+#endif
    save_pid();
   
    time( &up_time );                 /* ready now, save uptime for use in /s */
diff -ruN nchat-3.2pre7/sectools.c nchat-3.2pre7-drt/sectools.c
--- nchat-3.2pre7/sectools.c	Thu Jan  1 01:00:00 1970
+++ nchat-3.2pre7-drt/sectools.c	Sun Apr  2 16:53:07 2000
@@ -0,0 +1,92 @@
+/* misc functions for extra security 
+ * 000402 drt(at)ailis.de - http://drt.ailis.de/
+ * heavily inspired by Dan Bernsteins work - http://cr.yp.to/ 
+ * If you think you need a licence for this you should may
+ * act as if it came with a BSD License
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+unsigned int scan_ulong();
+void droproot(char *);
+
+unsigned int scan_ulong(s,u) register char *s; register unsigned long *u;
+{
+  register unsigned int pos; register unsigned long result;
+  register unsigned long c;
+  pos = 0; result = 0;
+  while ((c = (unsigned long) (unsigned char) (s[pos] - '0')) < 10)
+    { result = result * 10 + c; ++pos; }
+  *u = result; return pos;
+}
+
+void droproot(char *fatal)
+{
+  char *x;
+  unsigned long id;
+
+  x = getenv("ROOT");
+  if (!x)
+    {
+      fprintf(stderr, "%s $ROOT not set\r\n", fatal);
+      exit(111);
+    }
+  if (chdir(x) == -1)
+    {
+      fprintf(stderr, "%s unable to chdir to ", fatal);
+      perror(x);
+      exit(111);
+    }
+  if (chroot(".") == -1)
+    {
+      fprintf(stderr, "%s unable to chroot to ", fatal);
+      perror(x);
+      exit(111);
+    }
+
+  x = getenv("GID");
+  if (!x)
+    {
+      fprintf(stderr, "%s $GID not set\r\n", fatal);
+      exit(111);
+    }
+  scan_ulong(x,&id);
+  if (setgid((int) id) == -1)
+    {
+      fprintf(stderr, "%s ", fatal);
+      perror("unable to setgid");
+      exit(111);
+    }
+  
+  x = getenv("UID");
+  if (!x)
+    {
+      fprintf(stderr, "%s $UID not set\r\n", fatal);
+      exit(111);
+    }
+  scan_ulong(x,&id);
+  if (setuid((int) id) == -1)
+    {
+      fprintf(stderr, "%s ", fatal);
+      perror("unable to setuid");
+      exit(111);
+    }
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff -ruN nchat-3.2pre7/sectools.h nchat-3.2pre7-drt/sectools.h
--- nchat-3.2pre7/sectools.h	Thu Jan  1 01:00:00 1970
+++ nchat-3.2pre7-drt/sectools.h	Sun Apr  2 13:06:21 2000
@@ -0,0 +1 @@
+extern void droproot(char *);