Vulnerability Development mailing list archives
RE: OT? Are chroots immune to buffer overflows?
From: Stuart Adamson <stuart.adamson () evolution net>
Date: Fri, 24 May 2002 14:16:06 +0100
> I would say that chroot jails do not prevent exploitation of buffer overflow vulnerabilities

correct

> AND they do not prevent the aftermath of such exploitation either.

They *can* limit the aftermath. It depends what you are trying to defend against.

> For example, a chroot jail does not prevent execution of system calls from within the vulnerable program address space therefore the exploit code can easily break out of the chroot jail

If you have root privileges then yes - but how do you get root privileges? Your chroot jail shouldn't contain any suid binaries and your service shouldn't run as root.

> or perform socket calls to proxy attacks to other hosts or download more complex exploitation code from the attackers box or a wide range of other interesting things.

Indeed.

> If you rely on chroot jails to mitigate the risk of exploitation of a vulnerable program you are wasting your time, it would be better to invest your time in making sure your program doesn't have holes in the first place.

Correctly configured chroot jails limit the damage an attacker can do. If nothing else a chroot will slow them down, giving you and your IDS longer to detect them and sort it out. Chroots are fairly easy to deploy so can be used as a defence in depth tool. I think my program is secure (no audit is guaranteed to find all bugs) but just in case I'll place some firewalls about the place, use capabilities or similar where the OS supports them, run the process under a low privileged user id and put it in a chroot.

Stuart
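The two preconditions named in the reply above (no suid binaries inside the jail, service not running as root) can be checked mechanically before a jail is deployed. The script below is an added example, not part of the original message; the function names, exit codes and the script name in the usage comment are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original message): pre-deployment audit of a
# chroot jail. Function names and exit codes are this example's own choices.

# List setuid or setgid regular files under the jail root.
# -xdev stays on the jail's filesystem; -perm -4000/-2000 is the POSIX form.
jail_suid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# audit_jail JAIL_DIR SERVICE_UID
# Returns 0 if clean, 1 if a finding was reported, 2 on bad arguments.
audit_jail() {
    jail=$1 uid=$2 rc=0
    [ -d "$jail" ] || { echo "error: $jail is not a directory" >&2; return 2; }
    case $uid in
        ''|*[!0-9]*) echo "error: uid must be numeric" >&2; return 2 ;;
    esac

    # The reply's point: leaving the jail needs root, so uid 0 is a finding.
    if [ "$uid" -eq 0 ]; then
        echo "FAIL: service would run as uid 0"
        rc=1
    fi

    # setuid/setgid files are a route from a low-privilege uid to other ids.
    found=$(jail_suid_files "$jail")
    if [ -n "$found" ]; then
        echo "FAIL: setuid/setgid files inside $jail:"
        printf '%s\n' "$found" | sed 's/^/  /'
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: no setuid/setgid files in $jail, uid $uid"
    return "$rc"
}

# Usage: sh audit_jail.sh /path/to/jail "$(id -u serviceaccount)"
if [ "$#" -eq 2 ]; then
    audit_jail "$1" "$2"
fi
```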