Subject: Re: i386 + aperture + 1.6Q
To: Perry E. Metzger <perry@piermont.com>
From: Pavel Cahyna <pcah8322@artax.karlin.mff.cuni.cz>
List: current-users
Date: 03/28/2003 22:06:11
> 
> Pavel Cahyna <pcah8322@artax.karlin.mff.cuni.cz> writes:
> > > etc.) do not execute as root when chrooted.
> > > 
> > > If the attacker does get root, and has the ability to execute
> > > arbitrary code (like mknod(2)), you're pretty much lost. I can come up
> > > with all sorts of evil things you can do even at high secure level.
> > 
> > Please continue :-) 
> 
> Obvious example: write things to the active swap partition, or start

How do you write things to the active swap partition if you don't have
the device nodes and can't make them?

> synthesizing file handles and running fhopen on them, or a thousand

??? what's this filehandle thing? It seems quite non-standard and I
don't see what the "filehandle" can be used for.

Bye	Pavel