Vulnerability Development mailing list archives

Re: OT? Are chroots immune to buffer overflows?


From: Edwin Groothuis <edwin () mavetju org>
Date: Wed, 22 May 2002 22:53:15 +1000

On Wed, May 22, 2002 at 03:48:16PM +1200, Jason Haar wrote:
> [note: my question is WRT non-root chrooted jails - we all know about
> chroot'ing root processes!]
>
> Most buffer overflows I've seen attempt to infiltrate the system enough to
> run /bin/sh. In chroot'ed environments, /bin/sh doesn't (shouldn't!) exist -
> so they fail.
>
> Is it as simple as that? As 99.999% of the system binaries aren't available
> in the jail, can a buffer overflow ever work?

A buffer overflow allows an attacker to execute any piece of code.
Most of the time it is the running of /bin/sh because it gives the
attacker the biggest playing field, but it can be anything.

For example with a DNS server in a chrooted environment, it can be
told to unlink the named.conf. Not that the attacker can do anything
useful with it then, but it does some damage.

Edwin

-- 
Edwin Groothuis      |           Personal website: http://www.MavEtJu.org
edwin () mavetju org    |        Interested in MUDs? Visit Fatal Dimensions:
bash$ :(){ :|:&};:   |                    http://www.FatalDimensions.org/
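The point Edwin makes, as an added example that is not part of the thread: the code a buffer overflow runs is the attacker's own, so it needs no binary inside the jail. A real chroot() needs root, so the jail is simulated here with a temporary directory, and the overflow is modelled as an unchecked copy that clobbers a function pointer sitting after a fixed buffer (standing in for a smashed return address). The server, struct and function names are hypothetical; the named.conf contents are a constructed fixture.

```c
/* Added example (not from the original post): a buffer overflow in a
 * chrooted, non-root server.  The "shell" payload fails because the jail
 * has no /bin/sh; the "unlink named.conf" payload succeeds because it is
 * just a syscall.  Jail = temp directory, overflow = clobbered function
 * pointer.  All names are hypothetical. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#define NAME_LEN 16

/* Per-request state of a pretend DNS server: a fixed name buffer followed
 * in memory by a callback the server invokes when the request is done. */
struct request {
    char name[NAME_LEN];
    void (*on_done)(const char *);
};

/* Path of the file the attacker's code goes after (set up per demo). */
static char jail_conf[256];

/* Payload A: what most exploits try.  Inside a chroot "/bin/sh" resolves
 * relative to the jail root, so with no shell in the jail execve() fails.
 * Returns errno from the failed execve (ENOENT when the path is absent). */
static int try_shell(const char *jail_root) {
    char path[512];
    char *const argv[] = { "sh", NULL };
    snprintf(path, sizeof path, "%s/bin/sh", jail_root);
    execve(path, argv, NULL);   /* only returns on failure */
    return errno;
}

/* Payload B: the attacker's own code needs no binary at all.  It asks the
 * kernel for the unlink directly, the way shellcode would; chroot changes
 * path resolution, it does not block system calls. */
static void unlink_conf(const char *path) {
#ifdef SYS_unlinkat
    syscall(SYS_unlinkat, AT_FDCWD, path, 0);
#else
    unlink(path);
#endif
}

/* The bug: the wire length is trusted, so a long name runs past name[]
 * and overwrites on_done.  The copy is addressed from the struct base so
 * it behaves like the classic unchecked copy even under a fortified libc. */
static void handle_request(struct request *r, const unsigned char *wire, size_t len) {
    memcpy((unsigned char *)r + offsetof(struct request, name), wire, len);
    r->on_done(jail_conf);      /* attacker-chosen code runs here */
}

/* Attacker packet: NAME_LEN filler bytes, then the address of the code to
 * run, exactly as an exploit places a return address after its padding. */
static size_t build_packet(unsigned char *out, void (*target)(const char *)) {
    memset(out, 'A', NAME_LEN);
    memcpy(out + NAME_LEN, &target, sizeof target);
    return NAME_LEN + sizeof target;
}

/* Make a fake jail holding only named.conf (constructed fixture), run the
 * overflow with the unlink payload, and report whether the file survived.
 * Returns 1 if the attack deleted it, 0 if not, -1 on setup failure. */
int demo_overflow_in_jail(void) {
    char jail[] = "/tmp/jailXXXXXX";
    if (mkdtemp(jail) == NULL) return -1;
    snprintf(jail_conf, sizeof jail_conf, "%s/named.conf", jail);
    FILE *f = fopen(jail_conf, "w");
    if (!f) return -1;
    fputs("options { directory \"/\"; };\n", f);   /* constructed fixture */
    fclose(f);

    struct request r;
    r.on_done = NULL;
    unsigned char packet[64];
    size_t len = build_packet(packet, unlink_conf);
    handle_request(&r, packet, len);

    int deleted = access(jail_conf, F_OK) != 0;
    unlink(jail_conf);          /* no-op if the payload already removed it */
    rmdir(jail);
    return deleted;
}

/* Shell payload against the same kind of jail: returns the execve errno,
 * i.e. ENOENT, which is the failure the original poster relies on. */
int demo_shell_in_jail(void) {
    char jail[] = "/tmp/jailXXXXXX";
    if (mkdtemp(jail) == NULL) return -1;
    int err = try_shell(jail);
    rmdir(jail);
    return err;
}

int main(void) {
    printf("unlink payload deleted named.conf: %d\n", demo_overflow_in_jail());
    printf("shell payload errno: %d (ENOENT is %d)\n", demo_shell_in_jail(), ENOENT);
    return 0;
}
```

The overflow is simulated through a function pointer rather than a real stack smash so the demo is deterministic, but the lesson is the same one the post makes: the absence of /bin/sh only defeats payloads that exec a shell, not payloads that do their damage with the syscalls already available to the jailed process.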

