> What are the dangers posed by someone gaining root access, as through a > trojaned ftpd, in a _chrooted_ environment, assuming that the environment > gets chrooted before there's any chance of compromise? Granted, you > don't want strangers enabled to wreak havoc with your ftp heirarchy > (and planting _more_ trojans), but what kind of threats can be posed > to the rest of the system from such a toehold? well, one of the bugs that was fixed permitted (on rare systems, none of mine and none i know of) the root access before the chroot (!) happened. however, even after chrooting, if you didn't get chrooted to a device that is mounted "nosuid,nodev", you can either create setuid executables that other nonchrooted users can use, or you can make your own /dev entries (which, once you open them, aren't affected by chroot -- they should be!).