I wouldn't be as quick to declare that this is a Linux failing point. There are no guarantees made by any system that chroot() will ensure that exploits are not possible. chroot() is a UNIX hack to redefine /, and this is where its claim ends. If one truly wants a box to contain a user, one should consider using a virtual machine of some sort.

It isn't that 'other systems are sane', but rather, 'other systems implement chroot() as a more elaborate hack.' The cost, of course, is performance, and code complexity. Is Linux wrong for not choosing this path? I don't believe so. I believe it is wrong for people to assume that silver bullets to their security problems exist... :-)