tech-security: Re: Escaping a chroot jail

Subject: Re: Escaping a chroot jail
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-security
Date: 07/14/2005 10:01:41

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Steven" == Steven M Bellovin <smb@cs.columbia.edu> writes:
    Steven> Thanks, though I confess that the thought of a security mechanism 
    Steven> requiring LKM to be enabled is amusing...

  a) you can build it in. I used to do that regularly.
     (I tried for awhile to get it accepted as a standard device...
     I take it that this never happened)

  b) you can load the module before securelevel->1.

- -- 
] Michael Richardson          Xelerance Corporation, Ottawa, ON |  firewalls  [
] mcr @ xelerance.com           Now doing IPsec training, see   |net architect[
] http://www.sandelman.ca/mcr/    www.xelerance.com/training/   |device driver[
]                    I'm a dad: http://www.sandelman.ca/lrmr/                 [

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQtZwQoqHRg3pndX9AQG52gQApLMnObvTWR+yj10n6VoW1eYyAUkdcGl+
DHjJX9/faTLozr8K0iOX00kh7gGJQXh5FRdO6QHg6t7qzwwIauKEJT1LtBTekGVG
jKAMNi1fpwi+6yPgRIXfnw/p1W+ijn55mhnNagjRxYWzRIrmjGzu9HmyTDtJE0MT
mScDAkjIyUI=
=MOsp
-----END PGP SIGNATURE-----