On Fri, Jul 13, 2001 at 06:50:11PM -0400, Greg A. Woods wrote:
> If I'm not mistaken there are already some papers suggesting methods...

Here is one:

http://www.bpfh.net/simes/computing/chroot-break.html

(Not saying whether this would or would not work in securelevel 2, but
the page is very informative.)