Vulnerability Development mailing list archives
Re: OT? Are chroots immune to buffer overflows?
From: KF <dotslash () snosoft com>
Date: Wed, 22 May 2002 01:23:13 -0400
I thought you just did something like the following in your shellcode... setuid(0) mkdir("blah") chroot("blah") chroot("../../../../../../../../../../../../") execve("/bin/sh",0,0) -KF Kalle Andersson wrote:
Of course can buffer overflows be done with success, but it will be much more difficult. Remember, if you are root inside a chroot-jail you are root on the machine. You can probably someway trick the server into downloading necessary code and files to remount the filesystems into the chroot-environment or make connections to other trusted servers etc etc.... FreeBSD Jails are somewhat more secure, you might want to look into that. Jason Haar wrote:[note: my question is WRT non-root chrooted jails - we all know about chroot'ing root processes!] Most buffer overflows I've seen attempt to infiltrate the system enough to run /bin/sh. In chroot'ed environments, /bin/sh doesn't (shouldn't!) exist - so they fail. Is it as simple as that? As 99.999% of the system binaries aren't available in the jail, can a buffer overflow ever work? -- Cheers Jason Haar Information Security Manager Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417-- Best Regards Kalle Andersson Technical Manager / EuroTrust Sweden AB kan () virus112 com
Current thread:
- OT? Are chroots immune to buffer overflows? Jason Haar (May 21)
- Re: OT? Are chroots immune to buffer overflows? SpaceWalker (May 22)
- Re: OT? Are chroots immune to buffer overflows? Luciano Miguel Ferreira Rocha (May 23)
- Re: OT? Are chroots immune to buffer overflows? Nelson Sampaio Araujo Junior (May 24)
- Re: OT? Are chroots immune to buffer overflows? aazubel (May 23)
- Re: OT? Are chroots immune to buffer overflows? Luciano Miguel Ferreira Rocha (May 23)
- Re: OT? Are chroots immune to buffer overflows? Valdis . Kletnieks (May 22)
- Re: OT? Are chroots immune to buffer overflows? Kalle Andersson (May 22)
- Re: OT? Are chroots immune to buffer overflows? KF (May 23)
- Re: OT? Are chroots immune to buffer overflows? Edwin Groothuis (May 22)
- Re: OT? Are chroots immune to buffer overflows? Jose Nazario (May 23)
- Re: OT? Are chroots immune to buffer overflows? Kurt Seifried (May 23)
- Re: OT? Are chroots immune to buffer overflows? Berend De Schouwer (May 22)
- Re: OT? Are chroots immune to buffer overflows? L. Walker (May 22)
- Re: OT? Are chroots immune to buffer overflows? Jan Werner (May 23)
- Re: OT? Are chroots immune to buffer overflows? Greg Hunt (May 23)
- Re: OT? Are chroots immune to buffer overflows? Birger Toedtmann (May 22)
- Re: OT? Are chroots immune to buffer overflows? sd (May 22)
- Re: OT? Are chroots immune to buffer overflows? Andreas Ferber (May 22)
(Thread continues...)
- Re: OT? Are chroots immune to buffer overflows? SpaceWalker (May 22)