Dangers of root in a chrooted environment... Assume now that I have a tcp wrapper that does the chroot for ftpd _whenever_ it's invoked. This is true for non-anonymous as well as anonyous logins; it happens before the ftpd is ever exec'ed. Furthermore, assume that the chrooted-to volume is mounted nosuid,nodev. Can a trojaned ftpd be used to compromise or harm the system outside of the ftp hierarchy? Re: using fchroot to get out of jail; where could the necessary open file descriptor come from? -- I hope this isn't rehashing old news for everyone. A number of security tools use chroot as a part of their standard operating procedure (e.g., TIS' fwtk), so it's important. Any documents available on the subject?