In message <9404131412.AA01024@racerx> you write: > >What are the dangers posed by someone gaining root access, as through >a trojaned ftpd, in a _chrooted_ environment, assuming that the >environment gets chrooted before there's any chance of compromise? Easy. Here's one way. Copy /bin/sh (from another machine, if necessary) to somewhere in the chrooted tree. Make it setuid root. Log in as another account (not chrooted), eg. guest (or a password-cracked account). Run the setuid /chrooted_tree/bin/sh. Bingo: root. John -- John DiMarco jdd@cdf.toronto.edu Computing Disciplines Facility Systems Manager jdd@cdf.utoronto.ca University of Toronto