RE: OT? Are chroots immune to buffer overflows?

[Stuart Adamson <stuart.adamson () evolution net>]

The buffer overflow still exists inside the chroot jail - but
the jail attempts to limit the damage that can be done.  This offers
defence against attacks that exploit other binaries to elevate priviledge,
and as you said, these other binaries hopefully shouldn't be inside the 
chroot.

However, if I want to use your box to attack another box then the lack
of binaries won't stop me - I'll just make my exploit download my own 
and store then in /tmp (or /logs or something) in the chroot jail.


Stuart



> -----Original Message-----
> From: Jason Haar [mailto:Jason.Haar () trimble co nz]
> Sent: 22 May 2002 04:48
> To: vuln-dev () securityfocus com
> Subject: OT? Are chroots immune to buffer overflows?
>
>
> [note: my question is WRT non-root chrooted jails - we all know about
> chroot'ing root processes!]
>
> Most buffer overflows I've seen attempt to infiltrate the 
> system enough to
> run /bin/sh. In chroot'ed environments, /bin/sh doesn't 
> (shouldn't!) exist -
> so they fail.
>
> Is it as simple as that? As 99.999% of the system binaries 
> aren't available
> in the jail, can a buffer overflow ever work?
>
> -- 
> Cheers
>
> Jason Haar
>
> Information Security Manager
> Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417