Vulnerability Development mailing list archives
Re: OT? Are chroots immune to buffer overflows?
From: Luciano Miguel Ferreira Rocha <strange () nsk no-ip org>
Date: Wed, 22 May 2002 18:24:05 +0100
On Wed, May 22, 2002 at 01:02:56PM +0200, SpaceWalker wrote:
> But if you are able to run code as root, a few syscalls are still available to you: inserting modules and ptrace().
If you're able to run code as root, all you need, in most Un*x systems, is:

    mkdir("blah");
    chroot("blah");
    chdir("../../../../../../");
    chroot(".");
    execl("/bin/bash", "bash", NULL);

On other Un*x systems, like some BSDs, an implicit chdir(".") is always made after a chroot, so this doesn't work, but you can still do mknod(2), mount(2), etc.

The point is if the chrooted program runs as root, almost anything can be done. If it doesn't, an attacker can only play with inherited file descriptors, kill(2) and ptrace(2) to processes belonging to the same user, and meddling with the accessible filesystem for private records or to aid in an intrusion.

Regards

-- 
Luciano Rocha, strange () nsk yi org
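The defensive counterpart to the message above, as an added example that is not part of the original post or thread: a daemon that starts as root enters its chroot, closes leaked directory descriptors, and gives up root for good before handling any input. The names `enter_jail`, `close_dir_fds` and the `FD_SCAN_MAX` bound are assumptions made for this sketch.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumption: no descriptor above this bound is open. Where available,
 * close_range(2) or closefrom() avoids needing a bound at all. */
#define FD_SCAN_MAX 65536

/* Close every open descriptor >= lowfd that refers to a directory and
 * return how many were closed. A directory fd opened before chroot()
 * still points outside the new root, so fchdir() on it leaves the jail.
 * Other inherited descriptors stay open and remain the caller's to audit. */
int close_dir_fds(int lowfd)
{
    struct stat st;
    int closed = 0;
    for (int fd = lowfd; fd < FD_SCAN_MAX; fd++)
        if (fstat(fd, &st) == 0 && S_ISDIR(st.st_mode) && close(fd) == 0)
            closed++;
    return closed;
}

/* Must be called as root. Returns 0 on success; on -1 the caller must
 * exit rather than continue in a half-configured state. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) return -1;        /* never stay root inside */
    /* Explicit chdir() on both sides: do not rely on an implicit one. */
    if (chdir(dir) != 0 || chroot(".") != 0 || chdir("/") != 0) return -1;
    close_dir_fds(3);
    if (setgroups(1, &gid) != 0) return -1;     /* drop supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;  /* gid first */
    /* Verify the drop is permanent: both calls must fail from here on. */
    if (setuid(0) == 0 || chroot("/") == 0) return -1;
    return 0;
}

int main(void)
{
    int fd = open("/", O_RDONLY);   /* constructed: a leaked directory fd */
    if (fd < 0) return 1;
    printf("directory fds closed: %d\n", close_dir_fds(fd));
    printf("second pass closed:   %d\n", close_dir_fds(fd));
    return 0;
}
```

After `enter_jail()` succeeds the process is in the non-root case the message describes, so mkdir/chroot, mknod(2) and mount(2) are no longer available to code running inside it.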