Vulnerability Development mailing list archives
Re: OT? Are chroots immune to buffer overflows?
From: Edwin Groothuis <edwin () mavetju org>
Date: Wed, 22 May 2002 22:53:15 +1000
On Wed, May 22, 2002 at 03:48:16PM +1200, Jason Haar wrote:
[note: my question is WRT non-root chrooted jails - we all know about chroot'ing root processes!] Most buffer overflows I've seen attempt to infiltrate the system enough to run /bin/sh. In chroot'ed environments, /bin/sh doesn't (shouldn't!) exist - so they fail. Is it as simple as that? As 99.999% of the system binaries aren't available in the jail, can a buffer overflow ever work?
A buffer-overflow allows an attacker to execute any piece of code. Most of the this it is the running of /bin/sh because it gives the attacker the biggest playingfield, but it can be anything. For example with a DNS server in a chrooted environment, it can be told to unlink the named.conf. Not that the attacker can do anything usefull with it then, but it does some damage. Edwin -- Edwin Groothuis | Personal website: http://www.MavEtJu.org edwin () mavetju org | Interested in MUDs? Visit Fatal Dimensions: bash$ :(){ :|:&};: | http://www.FatalDimensions.org/
Current thread:
- OT? Are chroots immune to buffer overflows? Jason Haar (May 21)
- Re: OT? Are chroots immune to buffer overflows? SpaceWalker (May 22)
- Re: OT? Are chroots immune to buffer overflows? Luciano Miguel Ferreira Rocha (May 23)
- Re: OT? Are chroots immune to buffer overflows? Nelson Sampaio Araujo Junior (May 24)
- Re: OT? Are chroots immune to buffer overflows? aazubel (May 23)
- Re: OT? Are chroots immune to buffer overflows? Luciano Miguel Ferreira Rocha (May 23)
- Re: OT? Are chroots immune to buffer overflows? Valdis . Kletnieks (May 22)
- Re: OT? Are chroots immune to buffer overflows? Kalle Andersson (May 22)
- Re: OT? Are chroots immune to buffer overflows? KF (May 23)
- Re: OT? Are chroots immune to buffer overflows? Edwin Groothuis (May 22)
- Re: OT? Are chroots immune to buffer overflows? Jose Nazario (May 23)
- Re: OT? Are chroots immune to buffer overflows? Kurt Seifried (May 23)
- Re: OT? Are chroots immune to buffer overflows? Berend De Schouwer (May 22)
- Re: OT? Are chroots immune to buffer overflows? L. Walker (May 22)
- Re: OT? Are chroots immune to buffer overflows? Jan Werner (May 23)
- Re: OT? Are chroots immune to buffer overflows? Greg Hunt (May 23)
- Re: OT? Are chroots immune to buffer overflows? Birger Toedtmann (May 22)
- Re: OT? Are chroots immune to buffer overflows? sd (May 22)
- Re: OT? Are chroots immune to buffer overflows? Andreas Ferber (May 22)
- Re: OT? Are chroots immune to buffer overflows? jove (May 23)
(Thread continues...)
- Re: OT? Are chroots immune to buffer overflows? SpaceWalker (May 22)