Subject: Re: Escaping a chroot jail
To: None <tech-security@NetBSD.org>
From: Bernd Sieker <firstname.lastname@example.org>
Date: 07/14/2005 16:33:30
On 14.07.05, 10:01:41, Michael Richardson wrote:
> a) you can build it in. I used to do that regularly.
> (I tried for awhile to get it accepted as a standard device...
> I take it that this never happened)
> b) you can load the module before securelevel->1.
Actually, you _must_ load it before. lkm loading is only possible
in securelevel 0. So you're not effectively running a system with
lkm support enabled (see lkm(4).)
> - --
> ] Michael Richardson Xelerance Corporation, Ottawa, ON | firewalls [
> ] mcr @ xelerance.com Now doing IPsec training, see |net architect[
> ] http://www.sandelman.ca/mcr/ www.xelerance.com/training/ |device driver[
> ] I'm a dad: http://www.sandelman.ca/lrmr/ [
NetBSD - Will even run on i386
-- Brian Hechinger