Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: OT? Are chroots immune to buffer overflows?

From: dev-null () no-id com
Date: 22 May 2002 12:47:04 -0000
Jason Haar wrote:


Most buffer overflows I've seen attempt to infiltrate the system enough to
run /bin/sh. In chroot'ed environments, /bin/sh doesn't (shouldn't!) exist -
so they fail.



Is it as simple as that? As 99.999% of the system binaries aren't available
in the jail, can a buffer overflow ever work?



No, its not as simple as that.  You might not be able to execute a shell, but you can still run arbitrary code.  See 
<http://online.securityfocus.com/archive/82/272793>.



--
This message has been sent via an anonymous mail relay at www.no-id.com.
Previous By Date Next
Previous By Thread Next

Current thread: