Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: OT? Are chroots immune to buffer overflows?

From: Kalle Andersson <kan () virus112 com>
Date: Wed, 22 May 2002 09:23:06 +0200
Of course can buffer overflows  be done with success, but it will be
much more difficult.

Remember, if you are root inside a chroot-jail you are root on the
machine. You can probably someway trick the server into downloading
necessary code and files to remount the filesystems into the
chroot-environment or make connections to other trusted servers etc
etc....

FreeBSD Jails are somewhat more secure, you might want to look into
that.


Jason Haar wrote:


[note: my question is WRT non-root chrooted jails - we all know about
chroot'ing root processes!]

Most buffer overflows I've seen attempt to infiltrate the system enough to
run /bin/sh. In chroot'ed environments, /bin/sh doesn't (shouldn't!) exist -
so they fail.

Is it as simple as that? As 99.999% of the system binaries aren't available
in the jail, can a buffer overflow ever work?

--
Cheers

Jason Haar

Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417


--
Best Regards
Kalle Andersson
Technical Manager / EuroTrust Sweden AB
kan () virus112 com
Previous By Date Next
Previous By Thread Next

Current thread: