Subject: Re: i386 IO access and chroot()
To: None <>
From: Christos Zoulas <>
List: tech-security
Date: 07/13/2001 20:17:42
In article <>,
matthew green <> wrote:
>   If a chrooted daemon is running as root, you've already lost. (That
>   is, there are plenty of other ways for root to get out of a chroot
>   jail.)
>oh, really?  please show us these in NetBSD?

If the security level is < 1 it can be easily be done. Open /dev/kvm,
walk through the process table, find your pid, change its cwdinfo to
another pid's fixing the reference counts. If the security level is
With == 1 you can play tricks with mount points and chroot(2).
With == 2 it is difficult.