Ken Hardy wrote:
>What are the dangers posed by someone gaining root access, as through a
>trojaned ftpd, in a _chrooted_ environment, assuming that the environment
>gets chrooted before there's any chance of compromise?

Since the particular directory you are talking about is the ftp directory,
a BadGuy(tm) could upload himself all the things he needs to break out of
a chroot filesystem. A precompiled program that uses fchroot(1) could be
uploaded and run as root to get you to the "real" filesystem. A BadGuy(tm)
could also upload and use mknod(8) to break out of the chroot since devices
have no idea whether they are chrooted or not.

In summary, chroot() is only effective if you control what files a person
has access to within the chroot-ed area. This is not normally the case
with a compromised ftp directory.

- William McVey
  Purdue University Computing Center
  Systems Administration Group
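
An added example, not part of the original post: a Python audit of a chroot area for the conditions the reply's summary is about, namely device nodes present in the tree and places where files can be written. The `classify` and `audit` helpers, the category names, and the extra setuid/setgid check are this example's own assumptions.

```python
import os
import stat
import sys

def classify(mode):
    """Return the reasons an st_mode value is risky inside a chroot area."""
    reasons = []
    if stat.S_ISCHR(mode) or stat.S_ISBLK(mode):
        # A device node reaches the real device whether or not the
        # process that opens it is chrooted.
        reasons.append("device-node")
    if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
        # Assumption of this example: setuid/setgid files are flagged too.
        reasons.append("setid-file")
    if (stat.S_ISDIR(mode) or stat.S_ISREG(mode)) and mode & stat.S_IWOTH:
        # Anyone confined to the area can place or replace files here.
        reasons.append("world-writable")
    return reasons

def audit(root):
    """Walk root without following symlinks; return sorted (path, reasons)."""
    findings = []
    entries = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        entries.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    for path in entries:
        try:
            mode = os.lstat(path).st_mode
        except OSError:
            continue  # entry vanished or is unreadable; skip it
        reasons = classify(mode)
        if reasons:
            findings.append((os.path.relpath(path, root), reasons))
    return sorted(findings)

if __name__ == "__main__":
    # Usage: python audit_chroot.py /path/to/chroot  (path is a placeholder)
    for rel, reasons in audit(sys.argv[1]):
        print(f"{rel}: {', '.join(reasons)}")
```

An empty result means only that none of these three conditions were found in the tree; it says nothing about the privileges of the process running inside it.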