Vulnerability Development mailing list archives

Re: OT? Are chroots immune to buffer overflows?


From: Greg Hunt <greg () supplyedge com>
Date: Wed, 22 May 2002 11:36:34 -0700

Looking online, I found shellcode that breaks chroot by doing a
mkdir("sh")
chroot("sh")
chroot("../../../../../../");
then running /bin/sh

Other chroot breaking shellcode online does variations of the same thing. I haven't tested this out so I can't say for sure if this works. Anyone else know?

Shellcode available at:
http://www.groar.org/expl/linux-x86/chroot.c
http://www.groar.org/expl/linux-x86/chroot1.c

I've heard of shellcode that supposedly jumps out of the chroot jail, but
it's probably been fixed now (whatever bug in chroot the shellcode
exploited).  The buffer overflow would work (it'd overflow the buffer yes)
but as to whether you'd get a shell, probably not...  Unless someone
dropped a bash shell in there :)

-- 
------SupplyEdge-------
Greg Hunt
800-733-3380 x 107
greg () supplyedge com
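
A detection-side view of the call sequence quoted in the message above, as an added example that is not part of the original post or of the linked shellcode: it scans strace -f style lines for a process that calls chroot() again after it is already jailed. The trace lines, PIDs, jail paths, finding labels and the function name find_chroot_breakouts are constructed for illustration, and the trace is assumed to start before the process enters its jail.

```python
import re
from collections import defaultdict

# Constructed strace -f style lines (pid, syscall, args, result); not from a real system.
SAMPLE_TRACE = """\
4021 chroot("/var/jail/ftp") = 0
4021 chdir("/") = 0
4021 setuid(1001) = 0
4021 chroot("sh") = -1 EPERM (Operation not permitted)
4188 chroot("/var/jail/web") = 0
4188 chdir("/") = 0
4188 mkdir("sh", 0755) = 0
4188 chroot("sh") = 0
4188 chroot("../../../../../../") = 0
4188 execve("/bin/sh", ["sh"], 0x7ffd5c0 /* 3 vars */) = 0
"""

LINE = re.compile(r'^(\d+)\s+(\w+)\((.*)\)\s+=\s+(-?\d+)')
PATH = re.compile(r'^"([^"]*)"')

def find_chroot_breakouts(trace):
    """Return (pid, reason, path) for each chroot() made by an already-jailed process."""
    state = defaultdict(lambda: {"jailed": False, "cwd_stale": False})
    findings = []
    for line in trace.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        pid, call, args, ret = int(m[1]), m[2], m[3], int(m[4])
        pm = PATH.match(args)
        path = pm[1] if pm else ""
        st = state[pid]
        if call in ("chdir", "fchdir") and ret == 0:
            st["cwd_stale"] = False      # cwd was moved since the last chroot()
        elif call == "chroot" and st["jailed"]:
            if ret != 0:
                # Attempt blocked: the process no longer has the privilege.
                findings.append((pid, "denied-rechroot", path))
            elif st["cwd_stale"] and ".." in path.split("/"):
                # The pattern from the post: chroot(".."...) with no chdir() in between.
                findings.append((pid, "dotdot-escape", path))
            else:
                findings.append((pid, "nested-chroot", path))
        if call == "chroot" and ret == 0:
            st["jailed"], st["cwd_stale"] = True, True
    return findings
```

PID 4021 in the sample dropped root with setuid() after entering the jail, so its second chroot() fails with EPERM: chroot(2) requires root (CAP_SYS_CHROOT on Linux), which is why a jailed service should give up root before handling untrusted input.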

