From owner-freebsd-security  Fri Nov  1 17:12:10 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id RAA20358
          for security-outgoing; Fri, 1 Nov 1996 17:12:10 -0800 (PST)
Received: from www.trifecta.com (www.trifecta.com [206.245.150.3])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id RAA20344
          for <freebsd-security@FreeBSD.org>; Fri, 1 Nov 1996 17:12:05 -0800 (PST)
Received: (from dev@localhost) by www.trifecta.com (8.7.5/8.6.12) id UAA08143; Fri, 1 Nov 1996 20:04:43 -0500 (EST)
Date: Fri, 1 Nov 1996 20:04:43 -0500 (EST)
From: Dev Chanchani <dev@trifecta.com>
To: Marc Slemko <marcs@znep.com>
cc: freebsd-security@FreeBSD.org
Subject: Re: chroot() security
In-Reply-To: <Pine.BSF.3.95.961101161812.22655A-100000@alive.ampr.ab.ca>
Message-ID: <Pine.BSF.3.91.961101200316.8137A-100000@www.trifecta.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

On Fri, 1 Nov 1996, Marc Slemko wrote:

> Never loose sight of the fact that if someone gets root in the chrooted
> environment, they have root on the whole machine.  The chrooted
> environment does not lessen the implications of getting root, it only
> makes it harder to do so.

Marc,
Thanks for the reply.
Basically, how can someone get out of a chroot()'ed environment is they 
get root? Can they access the filesystem outsite their chroot()'ed 
directory? I know they can place their own binaries and begin to sniff, 
etc, but can they easily get out of their environment? Also, can a user 
access the inode table or does the kernel only access the inode table?

Thanks..