Subject: Re: Escaping a chroot jail
To: None <>
From: Steven M. Bellovin <>
List: tech-security
Date: 07/14/2005 10:46:31
In message <20050714143330.GD9104@localhost>, Bernd Sieker writes:
>On 14.07.05, 10:01:41, Michael Richardson wrote:
>>   a) you can build it in. I used to do that regularly.
>>      (I tried for awhile to get it accepted as a standard device...
>>      I take it that this never happened)
>>   b) you can load the module before securelevel->1.
>Actually, you _must_ load it before. lkm loading is only possible
>in securelevel 0. So you're not effectively running a system with
>lkm support enabled (see lkm(4).)

Sure, I understand that.  On secure machines, I'm still happier with 
the facility non-existent rather than controlled by a mode bit.

Why?  For fun, I ran rcorder on my machine.  rc.d/securelevel is number 
62 in the list.  Among the things that preceed it are dhclient, racoon, 
named, ntpdate, rpcbind, ypserv, cleartmp, nfsd, and nfslocking.  Do 
you trust all of them?  I don't.  (And to bring things back to the 
context of this discussion, named is one of the programs that normally 
runs chrooted, for good and sufficient reason.)

		--Steven M. Bellovin,