Subject: Re: Escaping a chroot jail
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-security
Date: 07/14/2005 10:01:41
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Steven" == Steven M Bellovin <smb@cs.columbia.edu> writes:
Steven> Thanks, though I confess that the thought of a security mechanism
Steven> requiring LKM to be enabled is amusing...
a) you can build it in. I used to do that regularly.
(I tried for awhile to get it accepted as a standard device...
I take it that this never happened)
b) you can load the module before securelevel->1.
- --
] Michael Richardson Xelerance Corporation, Ottawa, ON | firewalls [
] mcr @ xelerance.com Now doing IPsec training, see |net architect[
] http://www.sandelman.ca/mcr/ www.xelerance.com/training/ |device driver[
] I'm a dad: http://www.sandelman.ca/lrmr/ [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQtZwQoqHRg3pndX9AQG52gQApLMnObvTWR+yj10n6VoW1eYyAUkdcGl+
DHjJX9/faTLozr8K0iOX00kh7gGJQXh5FRdO6QHg6t7qzwwIauKEJT1LtBTekGVG
jKAMNi1fpwi+6yPgRIXfnw/p1W+ijn55mhnNagjRxYWzRIrmjGzu9HmyTDtJE0MT
mScDAkjIyUI=
=MOsp
-----END PGP SIGNATURE-----