Subject: Re: Escaping a chroot jail
To: Michael Richardson <>
From: Steven M. Bellovin <>
List: tech-security
Date: 07/13/2005 18:42:44
In message <>, Michael Richardson writes:
>>>>>> "Thor" == Thor Lancelot Simon <> writes:
>    >> and then emulating the file system?
>    Thor> "Emulating" the file system?
>  cd /usr/src/sbin/dump; make

Or mknod /dev/kmem and overwrite the root vnode pointer in the 
process's data structures.

chroot() has never been proof against root, for all these reasons and 
more.  It's not a new observation.

		--Steven M. Bellovin,