Subject: Re: Escaping a chroot jail
To: None <tech-security@NetBSD.org>
From: Bernd Sieker <bsieker@rvs.uni-bielefeld.de>
List: tech-security
Date: 07/14/2005 16:33:30

On 14.07.05, 10:01:41, Michael Richardson wrote:
> 
>   a) you can build it in. I used to do that regularly.
>      (I tried for a while to get it accepted as a standard device...
>      I take it that this never happened)
> 
>   b) you can load the module before securelevel->1.

Actually, you _must_ load it before. lkm loading is only possible
in securelevel 0. So you're not effectively running a system with
lkm support enabled (see lkm(4).)

> 
> - -- 
> ] Michael Richardson          Xelerance Corporation, Ottawa, ON |  firewalls  [
> ] mcr @ xelerance.com           Now doing IPsec training, see   |net architect[
> ] http://www.sandelman.ca/mcr/    www.xelerance.com/training/   |device driver[
> ]                    I'm a dad: http://www.sandelman.ca/lrmr/                 [
> 

-- 
Bernd Sieker

NetBSD - Will even run on i386
		-- Brian Hechinger