Re: chrooted superuser (was wu-ftpd info.)

[ken () bridge com (Ken Hardy)]

Dangers of root in a chrooted environment...

Assume now that I have a tcp wrapper that does the chroot for ftpd
_whenever_ it's invoked.  This is true for non-anonymous as well as
anonyous logins; it happens before the ftpd is ever exec'ed.
Furthermore, assume that the chrooted-to volume is mounted
nosuid,nodev.  Can a trojaned ftpd be used to compromise or harm the
system outside of the ftp hierarchy?

Re: using fchroot to get out of jail; where could the necessary open
file descriptor come from?

--

I hope this isn't rehashing old news for everyone.  A number of
security tools use chroot as a part of their standard operating
procedure (e.g., TIS' fwtk), so it's important.  Any documents
available on the subject?