...
Another essential step is to drop superuser privileges permanently after these calls, in keeping with the principle of least privilege (see POS02-A. Follow the principle of least privilege). The chroot() system call is not secure against the superuser changing the current root directory (if privileges are not dropped), and it may be ineffective if the current working directory is not set to the new root directory immediately following the call to chroot(). Successful jail creation prevents unintentional file system access even if an attacker supplies malicious input, such as through command-line arguments.
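The sequence described above (chroot(), an immediate chdir() into the new root, then a permanent privilege drop with a check that root cannot be regained), as an added example that is not part of the original recommendation; the jail path and the uid/gid 65534 are constructed values.

```c
/* Added example: enter a chroot jail and permanently drop root.
 * Order matters: chroot() first, chdir("/") immediately after so the cwd
 * lies inside the jail, then drop groups before the uid (setgid() needs
 * root), and finally verify that root cannot be regained. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 on success, -1 with errno set on failure. A failure after
 * chroot() leaves the process half-jailed, so callers must exit on -1. */
int enter_jail(const char *jail, uid_t uid, gid_t gid)
{
    if (jail == NULL || uid == 0 || gid == 0) {
        errno = EINVAL;          /* "dropping" to root is not dropping */
        return -1;
    }
    if (chroot(jail) == -1)
        return -1;               /* ENOENT, EPERM (not privileged), ... */
    /* Without this the cwd is still outside the new root and relative
     * paths can escape the jail. */
    if (chdir("/") == -1)
        return -1;
    /* Supplementary groups, primary group, then user: once we are no
     * longer root we can no longer change group membership. */
    if (setgroups(0, NULL) == -1 || setgid(gid) == -1 || setuid(uid) == -1)
        return -1;
    /* The drop must be permanent: regaining root has to fail. */
    if (setuid(0) != -1 || geteuid() == 0 || getuid() == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char *argv[])
{
    const char *jail = argc > 1 ? argv[1] : "/var/empty";  /* constructed */
    if (enter_jail(jail, 65534, 65534) == -1) {           /* constructed ids */
        perror("enter_jail");
        return 1;                /* never continue half-jailed */
    }
    /* From here on "/" is the jail and the process is unprivileged. */
    printf("jailed in %s as uid %d\n", jail, (int)getuid());
    return 0;
}
```

Run it as root with a directory argument to see the full sequence; unprivileged, chroot() fails with EPERM and the function reports that without changing process state.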
...