Subject: Re: i386 + aperture + 1.6Q
To: Pavel Cahyna <pavel.cahyna@st.mff.cuni.cz>
From: Perry E. Metzger <perry@piermont.com>
List: current-users
Date: 03/28/2003 15:50:47
Pavel Cahyna <pcah8322@artax.karlin.mff.cuni.cz> writes:
> > etc.) do not execute as root when chrooted.
> > 
> > If the attacker does get root, and has the ability to execute
> > arbitrary code (like mknod(2)), you're pretty much lost. I can come up
> > with all sorts of evil things you can do even at high secure level.
> 
> Please continue :-) 

Obvious example: write things to the active swap partition, or start
synthesizing file handles and running fhopen on them, or a thousand
other things.


-- 
Perry E. Metzger		perry@piermont.com