Vulnerability Development mailing list archives
Re: OT? Are chroots immune to buffer overflows?
From: sd <sd () cdi cz>
Date: Wed, 22 May 2002 09:36:55 +0200
hi, On Wed, May 22, 2002 at 03:48:16PM +1200, Jason Haar wrote:
[note: my question is WRT non-root chrooted jails - we all know about chroot'ing root processes!] Most buffer overflows I've seen attempt to infiltrate the system enough to run /bin/sh. In chroot'ed environments, /bin/sh doesn't (shouldn't!) exist - so they fail.
that depends on how much attacker is interested in target system :) f.e.: one may write shellcode which just transfer static binary of /bin/sh and execve() it. if your chroot contains some vulnerable suid binary, it's question of seconds to get root caps and break it. let the prisoner out ... [note: i'm talking about linux chroot(), if you meant freelsd's jail(), then ignore this, jail() is about something little different)
Is it as simple as that? As 99.999% of the system binaries aren't available in the jail, can a buffer overflow ever work?
under certain circumstates, it can.
-- Cheers Jason Haar Information Security Manager Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417
-- _ __/| \'X.X' sd@ircnet =(___)= http://sd.g-art.nl U
Current thread:
- Re: OT? Are chroots immune to buffer overflows?, (continued)
- Re: OT? Are chroots immune to buffer overflows? Kalle Andersson (May 22)
- Re: OT? Are chroots immune to buffer overflows? KF (May 23)
- Re: OT? Are chroots immune to buffer overflows? Edwin Groothuis (May 22)
- Re: OT? Are chroots immune to buffer overflows? Jose Nazario (May 23)
- Re: OT? Are chroots immune to buffer overflows? Kurt Seifried (May 23)
- Re: OT? Are chroots immune to buffer overflows? Berend De Schouwer (May 22)
- Re: OT? Are chroots immune to buffer overflows? L. Walker (May 22)
- Re: OT? Are chroots immune to buffer overflows? Jan Werner (May 23)
- Re: OT? Are chroots immune to buffer overflows? Greg Hunt (May 23)
- Re: OT? Are chroots immune to buffer overflows? Birger Toedtmann (May 22)
- Re: OT? Are chroots immune to buffer overflows? sd (May 22)
- Re: OT? Are chroots immune to buffer overflows? Andreas Ferber (May 22)
- Re: OT? Are chroots immune to buffer overflows? jove (May 23)
- Re: OT? Are chroots immune to buffer overflows? Dave Ahmad (May 23)
- Message not available
- Re: OT? Are chroots immune to buffer overflows? Jason Haar (May 23)
- Re: OT? Are chroots immune to buffer overflows? Kalle Andersson (May 22)
- Re: OT? Are chroots immune to buffer overflows? dev-null (May 22)
- RE: OT? Are chroots immune to buffer overflows? Stuart Adamson (May 22)
- RE: OT? Are chroots immune to buffer overflows? Steve Bremer (May 23)
- Re: OT? Are chroots immune to buffer overflows? Adam Lydick (May 23)
- Re: OT? Are chroots immune to buffer overflows? Iván (May 23)
- Re: OT? Are chroots immune to buffer overflows? Steve Bremer (May 24)