FastCGI security mechanisms

What can we do?

~~file-system jail~~ (non-root or already in jail)
~~privilege drop~~ (probably already privilege-dropped)
privilege separation: separate logical components
sandboxing: limit available resources

As with CGI, FastCGI is at the mercy of its manager. Given that FastCGI applications need to perform extra work in talking with a communication socket, security is even more important.