Subject: Re: chroot jail for ftpd
To: Simon Burge <simonb@wasabisystems.com>
From: Steven M. Bellovin <smb@research.att.com>
List: netbsd-users
Date: 10/17/2001 21:57:50
In message <20011018015106.6FF431E4DB@thoreau.thistledown.com.au>, Simon Burge writes:
>Steve Bellovin wrote:
>
>> The problem is the 'incoming' directory.  My concern is that *if* someone
>> finds a flaw in ftpd (say, a buffer overflow), they could do a mknod in 
>> the upload directory and use that to escape the chroot.  The question is
>> what can I do to prevent that.  I've toyed with adding a 'no special 
>> files' flag to the kernel; I've also checked to see if there's some 
>> mount option akin to nocoredump, but I don't see any.
>
>mount -o nodev ... ?
>
>             nodev       Do not interpret character or block special devices
>                         on the file system.  This option is useful for a
>                         server that has file systems containing special
>                         devices for architectures other than its own.

I'll have to think hard about the interactions here -- it would be some 
sort of loopback mount, which means that the special devices would be 
recognized under one name, but not under the other.  I *think* it 
works, but I want to mull it some more.  Thanks.

		--Steve Bellovin, http://www.research.att.com/~smb
		Full text of "Firewalls" book now at http://www.wilyhacker.com
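The defensive check implied by this exchange, as an added example that is not part of the thread: a small POSIX shell script that finds which mounted filesystem actually holds an ftpd upload directory and reports whether that mount carries the nodev option, so a device node created in the chroot would not be interpreted. It assumes a mount table in the six-column /proc/mounts layout (device, mountpoint, type, options, dump, pass), which is Linux's format rather than NetBSD mount(8) output; the table embedded below is constructed sample data, not from any real host.

```shell
#!/bin/sh
# Added example: verify that the filesystem holding an upload directory is
# mounted nodev.  Assumes /proc/mounts-style columns; the mount table here is
# constructed sample data.

SAMPLE_MOUNTS='/dev/wd0a / ffs rw 0 0
/dev/wd0e /home ffs rw,nosuid 0 0
/dev/wd0f /var/ftp/incoming ffs rw,nodev,nosuid,noexec 0 0
/dev/wd0g /srv/upload ffs rw 0 0'

# mount_for_dir DIR TABLE: print the table line whose mountpoint is the longest
# prefix of DIR, i.e. the filesystem DIR really lives on (a bind/loopback mount
# of the same device under another name shows up as its own line here).
mount_for_dir() {
    printf '%s\n' "$2" | awk -v dir="$1/" '
        {
            mp = $2
            mpslash = (mp == "/") ? "/" : mp "/"
            if (substr(dir, 1, length(mpslash)) == mpslash && length(mpslash) > bestlen) {
                bestlen = length(mpslash)
                best = $0
            }
        }
        END { print best }'
}

# option_set NAME OPTS: succeed if NAME appears in the comma-separated OPTS.
option_set() {
    printf '%s\n' "$2" | awk -v want="$1" '
        { n = split($0, o, ","); for (i = 1; i <= n; i++) if (o[i] == want) found = 1 }
        END { exit found ? 0 : 1 }'
}

# check_upload_dir DIR TABLE: print "ok <mountpoint> (<opts>)" and return 0 when
# the covering mount has nodev, "UNSAFE ..." and return 1 when it does not,
# return 2 when no mount entry covers DIR at all.
check_upload_dir() {
    line=$(mount_for_dir "$1" "$2")
    if [ -z "$line" ]; then
        echo "no mount entry covers $1"
        return 2
    fi
    mp=$(printf '%s\n' "$line" | awk '{ print $2 }')
    opts=$(printf '%s\n' "$line" | awk '{ print $4 }')
    if option_set nodev "$opts"; then
        echo "ok $mp ($opts)"
        return 0
    fi
    echo "UNSAFE $mp ($opts): device nodes in $1 would be honoured"
    return 1
}

# Stand-alone demo over the constructed table.
for d in /var/ftp/incoming /srv/upload; do
    check_upload_dir "$d" "$SAMPLE_MOUNTS" || true
done
```

On a Linux host the same functions run against the live table with `check_upload_dir /var/ftp/incoming "$(cat /proc/mounts)"`; the option name is a parameter, so `option_set nosuid` or `option_set noexec` extends the check to the other options an upload area normally gets. The longest-prefix lookup matters for exactly the loopback case Steve raises: the upload path and the original device path can be separate lines with different option sets, and only the line covering the chrooted path decides what ftpd's jail sees.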