Subject: Re: i386 + aperture + 1.6Q
To: Perry E. Metzger <perry@piermont.com>
From: Pavel Cahyna <pcah8322@artax.karlin.mff.cuni.cz>
List: current-users
Date: 03/28/2003 21:38:25
>
> Pavel Cahyna <pcah8322@artax.karlin.mff.cuni.cz> writes:
> > > > Consider a daemon which runs in a chroot jail. The files and directories
> > > > in the jail are made immutable. Say that the daemon is exploited and the
> > > > attacker gains root privileges. How will he program the DMA controller
^^^^^^^^^^^^^^^^^^^^^
> > > > of the video card if there is no /dev/xf86 in the chroot jail? But if
> > > > you compile the kernel with option INSECURE, he will be able to unset
> > > > the immutable flag on directories and make any device node he wants.
> > >
> > > He can't touch any directory he wants, because he's in a chroot jail. :)
> >
> > He can make new device nodes if he wants, no?
>
> Not unless you're root. Most NetBSD daemons (ntp, named, postfix,
Of course - see above.
> etc.) do not execute as root when chrooted.
>
> If the attacker does get root, and has the ability to execute
> arbitrary code (like mknod(2)), you're pretty much lost. I can come up
> with all sorts of evil things you can do even at high secure level.
Please continue :-)
I believe the idea of securelevel is to disallow many things for
exploiters even if they get root privileges.
Bye Pavel
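The setup Pavel describes (immutable files, no device nodes in the jail, securelevel raised so root cannot undo either) can be checked from a shell. This is an added audit script, not code from the thread; the jail path and the required securelevel it takes are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added audit script (not from the thread): checks a chroot jail against the
# two assumptions the discussion above rests on -- no device nodes inside the
# jail, and a kernel securelevel high enough that even root cannot clear the
# immutable flag or mknod new device nodes.  Jail path and required
# securelevel are assumptions passed by the caller.

# Print the number of block/character device nodes under the jail.
# Returns 1 (and prints nothing) if the jail directory does not exist,
# so a typo in the path is never mistaken for a clean jail.
jail_device_nodes() {
    jail="$1"
    [ -d "$jail" ] || { echo "no such directory: $jail" >&2; return 1; }
    find "$jail" \( -type b -o -type c \) | wc -l | tr -d ' '
}

# Print the running securelevel; returns 1 if it is below the required
# value.  NetBSD exports it as kern.securelevel (-1 on a kernel built with
# option INSECURE, which is what the thread warns about).  On a kernel that
# lacks the sysctl, print "unknown" and return 2.
securelevel_ok() {
    required="${1:-1}"
    level=$(sysctl -n kern.securelevel 2>/dev/null) || { echo unknown; return 2; }
    echo "$level"
    [ "$level" -ge "$required" ]
}

# Combine both checks: 0 = jail matches the hardened setup, 1 = it does not.
audit_jail() {
    jail="$1"; required="${2:-1}"; rc=0
    devs=$(jail_device_nodes "$jail") || return 1
    if [ "$devs" -ne 0 ]; then
        echo "WARN: $devs device node(s) inside $jail" >&2; rc=1
    fi
    if ! level=$(securelevel_ok "$required"); then
        echo "WARN: securelevel is $level, want >= $required" >&2; rc=1
    fi
    return $rc
}
```

Some chrooted daemons legitimately need a /dev/null or /dev/random inside the jail, so compare the reported count with the nodes you created on purpose rather than expecting zero in every case.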