Subject: Re: i386 IO access and chroot()
To: None <tech-security@netbsd.org>
From: Christos Zoulas <christos@zoulas.com>
List: tech-security
Date: 07/13/2001 20:17:42
In article <17668.995031778@splode.eterna.com.au>,
matthew green <mrg@eterna.com.au> wrote:
>   
>   If a chrooted daemon is running as root, you've already lost. (That
>   is, there are plenty of other ways for root to get out of a chroot
>   jail.)
>
>
>oh, really?  please show us these in NetBSD?

If the security level is < 1 it can easily be done. Open /dev/kvm,
walk through the process table, find your pid, change its cwdinfo to
another pid's, fixing the reference counts.
With == 1 you can play tricks with mount points and chroot(2).
With == 2 it is difficult.

christos