Vulnerability Development mailing list archives
Re: OT? Are chroots immune to buffer overflows?
From: Andreas Ferber <aferber () techfak uni-bielefeld de>
Date: Wed, 22 May 2002 09:31:12 +0200
On Wed, May 22, 2002 at 03:48:16PM +1200, Jason Haar wrote:
Most buffer overflows I've seen attempt to infiltrate the system enough to run /bin/sh. In chroot'ed environments, /bin/sh doesn't (shouldn't!) exist - so they fail. Is it as simple as that? As 99.999% of the system binaries aren't available in the jail, can a buffer overflow ever work?
The buffer overflow still works as expected (the bug is in the daemon, not in /bin/sh), though the shellcode used in most precooked exploits doesn't work. If the buffer is large enough so that the attacker can place more code than just an exec("/bin/sh") into it, he can still do all nasty things inside the bounds of the jail (e.g. uploading his own shell and executing that one ;-) Andreas -- Andreas Ferber - dev/consulting GmbH - Bielefeld, FRG --------------------------------------------------------- +49 521 1365800 - af () devcon net - www.devcon.net
Current thread:
- Re: OT? Are chroots immune to buffer overflows?, (continued)
- Re: OT? Are chroots immune to buffer overflows? KF (May 23)
- Re: OT? Are chroots immune to buffer overflows? Edwin Groothuis (May 22)
- Re: OT? Are chroots immune to buffer overflows? Jose Nazario (May 23)
- Re: OT? Are chroots immune to buffer overflows? Kurt Seifried (May 23)
- Re: OT? Are chroots immune to buffer overflows? Berend De Schouwer (May 22)
- Re: OT? Are chroots immune to buffer overflows? L. Walker (May 22)
- Re: OT? Are chroots immune to buffer overflows? Jan Werner (May 23)
- Re: OT? Are chroots immune to buffer overflows? Greg Hunt (May 23)
- Re: OT? Are chroots immune to buffer overflows? Birger Toedtmann (May 22)
- Re: OT? Are chroots immune to buffer overflows? sd (May 22)
- Re: OT? Are chroots immune to buffer overflows? Andreas Ferber (May 22)
- Re: OT? Are chroots immune to buffer overflows? jove (May 23)
- Re: OT? Are chroots immune to buffer overflows? Dave Ahmad (May 23)
- Message not available
- Re: OT? Are chroots immune to buffer overflows? Jason Haar (May 23)
- Re: OT? Are chroots immune to buffer overflows? dev-null (May 22)
- RE: OT? Are chroots immune to buffer overflows? Stuart Adamson (May 22)
- RE: OT? Are chroots immune to buffer overflows? Steve Bremer (May 23)
- Re: OT? Are chroots immune to buffer overflows? Adam Lydick (May 23)
- Re: OT? Are chroots immune to buffer overflows? Iván (May 23)
- Re: OT? Are chroots immune to buffer overflows? Steve Bremer (May 24)
- RE: OT? Are chroots immune to buffer overflows? Stuart Adamson (May 24)