Subject: Re: Escaping a chroot jail
To: Thor Lancelot Simon <>
From: Curt Sampson <>
List: tech-security
Date: 07/15/2005 06:07:24
On Thu, 14 Jul 2005, Thor Lancelot Simon wrote:

> What you really want is for all filesystems with executables or device
> nodes on them to be mounted r/o, and all other filesystems to be
> mounted nodev, noexec.  If you use null mounts to do it, it is easy
> to maintain these filesystems from the outside while the system is
> running.

Having an example of this in the system--say, with ntpd--would be very
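The mount policy from the quoted message, as an added checker that is not part of the thread: every filesystem must be read-only, or else carry both nodev and noexec. The sample mount table, its paths and the ntpd chroot layout are constructed assumptions written in the style of NetBSD mount(8) output.

```python
import re

# Constructed sample in the style of NetBSD mount(8) output. The devices,
# paths and ntpd chroot layout are assumptions, not taken from the thread.
SAMPLE_MOUNT_OUTPUT = """\
/dev/wd0a on / type ffs (read-only, local)
/dev/wd0e on /var type ffs (nodev, noexec, local)
/dev/wd0f on /home type ffs (nosuid, local)
/usr/sbin on /var/chroot/ntpd/usr/sbin type null (read-only, local)
/var/db/ntp on /var/chroot/ntpd/var/db type null (nodev, local)
tmpfs on /tmp type tmpfs (nodev, noexec, local)
"""

LINE_RE = re.compile(
    r"^(?P<src>\S+) on (?P<mnt>\S+) type (?P<fs>\S+) \((?P<opts>[^)]*)\)$"
)


def parse_mounts(text):
    """Yield (mount_point, fs_type, options) for each recognised line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            opts = {o.strip() for o in m.group("opts").split(",") if o.strip()}
            yield m.group("mnt"), m.group("fs"), opts


def violations(text):
    """Return [(mount_point, missing_options)] for every mount that is
    neither read-only nor both nodev and noexec."""
    bad = []
    for mnt, _fs, opts in parse_mounts(text):
        if "read-only" in opts:
            continue  # executables and device nodes may live here
        missing = sorted({"nodev", "noexec"} - opts)
        if missing:
            bad.append((mnt, missing))
    return bad


if __name__ == "__main__":
    for mnt, missing in violations(SAMPLE_MOUNT_OUTPUT):
        print(f"{mnt}: writable and missing {', '.join(missing)}")
```

On a live system, pass the captured output of `mount` to `violations()` instead of the sample; null mounts are checked the same way as any other entry, since each one carries its own option set.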

