Vulnerability Development mailing list archives

Re: OT? Are chroots immune to buffer overflows?


From: "L. Walker" <k_aneda () yahoo com>
Date: Wed, 22 May 2002 20:06:02 +1000 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 22 May 2002, Jason Haar wrote:

> [note: my question is WRT non-root chrooted jails - we all know about
> chroot'ing root processes!]
>
> Most buffer overflows I've seen attempt to infiltrate the system enough to
> run /bin/sh. In chroot'ed environments, /bin/sh doesn't (shouldn't!) exist -
> so they fail.
>
> Is it as simple as that? As 99.999% of the system binaries aren't available
> in the jail, can a buffer overflow ever work?

I've heard of shellcode that supposedly jumps out of the chroot jail, but
it's probably been fixed now (whatever bug in chroot the shellcode
exploited).  The buffer overflow would work (it'd overflow the buffer yes)
but as to whether you'd get a shell, probably not...  Unless someone
dropped a bash shell in there :)

- -- 
L. Walker
NOTICE: By spamming this account or scanning the IP address that this message
was sent from, you consent to a free and unrestricted security audit.
- -- 
If one wants to be a policeman, one must learn how to be a thief.
- --
That's why we spend so much time trying to understand our own motivations
and those of others.  That's what makes life so interesting.
   Kaji, Evangelion Ep 18
- --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8622SBJ6saYuOFLgRAoUjAJ97DeNdUA7fyVtkQg13oGCWYO0RNACeOSTE
GzkLksO3vul++CPK3gL0M/U=
=7FYs
-----END PGP SIGNATURE-----
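
An added example, not part of the original message: a shell function that checks a jail directory for what the reply mentions (a shell dropped inside), plus setuid/setgid files and device nodes. The name `audit_jail`, the list of shell names and the output format are assumptions made for this example.

```shell
#!/bin/sh
# audit_jail DIR: list files inside a chroot tree that would hand a shell or
# extra privilege to code running in the jail. (Hypothetical helper name.)
# Prints "<kind> <path>" per finding.
# Returns 0 if clean, 1 if there are findings, 2 on bad input.
audit_jail() {
    jail=$1
    if [ ! -d "$jail" ]; then
        echo "audit_jail: not a directory: $jail" >&2
        return 2
    fi
    findings=$(
        # Executable files or symlinks named like a shell
        # (the name list is an assumption, extend it for your platform).
        find "$jail" -xdev \( -type f -o -type l \) -perm -100 \
            \( -name sh -o -name bash -o -name dash -o -name ash -o -name ksh \
               -o -name zsh -o -name csh -o -name tcsh -o -name busybox \) \
            -print | sed 's/^/shell /'
        # setuid or setgid regular files.
        find "$jail" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
            -print | sed 's/^/setid /'
        # Block or character device nodes.
        find "$jail" -xdev \( -type b -o -type c \) -print | sed 's/^/device /'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Stand-alone use: sh audit_jail.sh /path/to/jail
if [ $# -gt 0 ]; then
    audit_jail "$1"
fi
```

A clean result says only that these files are absent from the tree.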

