some mention of this was made on another list i read, and it was
suggested that i mention it here so that others might learn of it and
what it means.

the example kernel message "chrooted pid 10438 uid 32764 (ftpd)
detected outside of its chroot" can be slightly alarming if you don't
understand what it means, so here are two ways to make it happen:

(as a regular user or as root)		(as root so you can use chroot)

% mkdir -p /tmp/outside/chroot/bin
% cp /bin/sh /tmp/outside/chroot/bin

					# chroot /tmp/outside/chroot /bin/sh
					# cd bin


% mv /tmp/outside/chroot/bin /tmp/outside

					# cd ..

/netbsd: chrooted pid 20517 uid 0 (sh) detected outside of its chroot

- or -

% mkdir -p /tmp/foo/bin
% cp /bin/sh /tmp/foo/bin

					# chroot /tmp/foo /bin/sh
					# cd bin

% rm -rf /tmp/foo

					# cd ..

/netbsd: chrooted pid 5358 uid 0 (sh) detected outside of its chroot

so if you have, for example, an ftpd serving files from a cvs tree
that you are actively updating, and the ftpd is in a directory that
the cvs update subsequently prunes, ftpd can trigger this warning.

now you know.  :)

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
werdna@squooshy.com       * "information is power -- share the wealth."