Subject: i386 IO access and chroot()
To: None <>
From: Dave Sainty <>
List: tech-security
Date: 07/11/2001 22:18:05
It occurs to me that one could theoretically (but not easily) jump out
of a chroot using i386_iopl(2) and related calls, possibly by
manipulating the hard drives, possibly some other way.

Perhaps these functions (i386_iopl, i386_set_ioperm) should be
disabled for chrooted processes?

A compile time option to disable them might be a good idea too?
(Regardless of what security level you run your kernel at)