Subject: Re: i386 IO access and chroot()
To: None <email@example.com>
From: Christos Zoulas <firstname.lastname@example.org>
Date: 07/13/2001 20:17:42
In article <email@example.com>,
matthew green <firstname.lastname@example.org> wrote:
> If a chrooted daemon is running as root, you've already lost. (That
> is, there are plenty of other ways for root to get out of a chroot
>oh, really? please show us these in NetBSD?
If the security level is < 1 it can be easily be done. Open /dev/kvm,
walk through the process table, find your pid, change its cwdinfo to
another pid's fixing the reference counts. If the security level is
With == 1 you can play tricks with mount points and chroot(2).
With == 2 it is difficult.