Vulnerability Development mailing list archives

Re: OT? Are chroots immune to buffer overflows?


From: Jason Haar <Jason.Haar () trimble co nz>
Date: Thu, 23 May 2002 09:05:58 +1200

On Wed, May 22, 2002 at 08:00:25PM +0200, lorenzo wrote:
> as others have already stated, no, you can execute anything from an
> overflow. But still, you will be able to lock out 99.99% of those script
> kiddies who just try the overflow.
> Maybe the percentage is not that accurate, but still the idea is
> similar..

I'd say from what I've just heard (16 responses in 12 hours - wow!) we can
deduce the following:

* non-root chrooted jails will stop 99.x% of buffer overflows due to the
  fact that the majority of such attacks are generic - and therefore rely on
  the presence of programs on the compromised systems to do their work.
  
* there's a fair chance that a successful attack would need to be
  hand-crafted to work against your particular system. Congratulations,
  hacker has left the field for easier pickings ;-)
  
I guess once in-memory (compared with executing local binaries) code
execution becomes commonplace, this "advantage" will fade away.

Still, nothing beats secure code to begin with.

-- 
Cheers

Jason Haar

Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
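
A defender's check for the first point in the message above, as an added example that is not part of the original post: it audits a jail directory for the programs a generic payload would expect to find, and for setuid/setgid files, which would undo the "non-root" premise. The function names and the sample jail layout are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a chroot jail for programs a generic payload could exec.

# List regular files under the jail that have any execute bit set.
jail_executables() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print | sort
}

# List regular files carrying the setuid or setgid bit.
jail_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Report findings; return 0 for a jail with neither kind of file, 1 otherwise.
audit_jail() {
    jail=$1
    status=0
    exes=$(jail_executables "$jail")
    setid=$(jail_setid "$jail")
    if [ -n "$exes" ]; then
        echo "executable files inside $jail:"
        echo "$exes" | sed 's/^/  /'
        status=1
    fi
    if [ -n "$setid" ]; then
        echo "setuid/setgid files inside $jail:"
        echo "$setid" | sed 's/^/  /'
        status=1
    fi
    return "$status"
}

# Constructed sample jail (hypothetical layout): one config file, one shell,
# one setuid helper.
make_sample_jail() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/etc"
    : > "$d/etc/service.conf" && chmod 644 "$d/etc/service.conf"
    printf '#!/bin/sh\n' > "$d/bin/sh" && chmod 755 "$d/bin/sh"
    : > "$d/bin/helper" && chmod 4755 "$d/bin/helper"
    echo "$d"
}

# With an argument, audit that directory; without one, audit the sample jail.
if [ "$#" -gt 0 ]; then
    audit_jail "$1"
else
    sample=$(make_sample_jail)
    if audit_jail "$sample"; then echo "clean"; else echo "findings above"; fi
    rm -rf "$sample"
fi
```

A clean result only says that nothing inside the jail can be executed from disk; it says nothing about code that runs entirely in the memory of the compromised process.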

