Subject: Re: Escaping a chroot jail
To: None <>
From: Steven M. Bellovin <>
List: tech-security
Date: 07/14/2005 09:29:00
In message <20050714131230.GC9104@localhost>, Bernd Sieker writes:
>On 14.07.05, 08:42:04, Steven M. Bellovin wrote:
>> Right.  As I noted in my earlier post, chroot() isn't proof against 
>> root.
>> As for the default security level of 1 -- for anyone who wants to run 
>> X, that's simply not possible.  I understand why, of course, but it 
>> doesn't help with everything else. 
>But that's what we have the aperture lkm for. It allows exactly one
>process to get r/w access to the memory space of the VGA board. AFAIK
>almost all modern drivers work with this workaround. In all other
>respects it still has all the features of a normal kernel running
>at securelevel 1. No write access to devices of mounted disks, no
>access to /dev/(k)mem, ...

Thanks, though I confess that the thought of a security mechanism 
requiring LKM to be enabled is amusing...

		--Steven M. Bellovin,