Vulnerability Development mailing list archives

Re: OT? Are chroots immune to buffer overflows?


From: "Steve Bremer" <steveb () nebcoinc com>
Date: Fri, 24 May 2002 07:45:19 -0500

> For example, a chroot jail does not prevent execution of
> system calls from within the vulnerable program address
> space; therefore, the exploit code can easily break out of the chroot
> jail or call setuid(0) to regain root privileges or perform socket

How can a non-root process gain root privileges by calling 
setuid(0)?  As long as the process is not running as root, this will 
fail.  If there are any setuid root binaries in the chroot jail, those 
could possibly be exploited to gain root privileges.

Steve Bremer
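As an added example (not part of Steve's post or of the original thread), the following C program checks both of his points on Linux. First, a forked child that is guaranteed not to be root calls setuid(0) the way injected code inside a jailed process would, and reports the errno it gets back; a process with euid != 0 and no saved uid 0 or CAP_SETUID gets EPERM. Second, an nftw() walk counts setuid files under a directory and flags those owned by uid 0, which is the audit you would run against a jail's filesystem before trusting it. The unprivileged id 65534 and the constructed temporary jail directory are assumptions of the example, not anything from the thread.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <ftw.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define UNPRIV_ID 65534   /* assumed unprivileged uid/gid ("nobody" on many systems) */
#define DROP_FAILED 200   /* distinct from any errno we care about */

/*
 * Fork a child that is certainly not root, then have it call setuid(0)
 * as exploit code in a jailed, non-root process would.
 * Returns 0 if the child actually regained uid 0, otherwise the errno
 * setuid() reported (EPERM for a plain unprivileged process).
 */
int setuid0_from_unprivileged(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return errno;
    if (pid == 0) {
        /* If this run happens to be root, become fully unprivileged first;
         * changing all three uids away from 0 also clears capabilities. */
        if (geteuid() == 0 &&
            (setgroups(0, NULL) != 0 || setgid(UNPRIV_ID) != 0 ||
             setuid(UNPRIV_ID) != 0))
            _exit(DROP_FAILED);
        /* The "exploit" step: try to get root back. */
        if (setuid(0) == 0)
            _exit(0);
        _exit(errno);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return errno;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Counters filled in by the nftw() callback below. */
static int g_setuid_total, g_setuid_root;

static int audit_cb(const char *path, const struct stat *sb, int typeflag,
                    struct FTW *ftw)
{
    (void)ftw;
    if (typeflag == FTW_F && (sb->st_mode & S_ISUID)) {
        g_setuid_total++;
        if (sb->st_uid == 0) {          /* setuid AND owned by root: the dangerous case */
            g_setuid_root++;
            printf("setuid-root binary inside jail: %s\n", path);
        }
    }
    return 0;
}

/* Count setuid files under `root`; *root_owned receives those owned by uid 0.
 * Does not follow symlinks and stays on one filesystem. Returns -1 on error. */
int count_setuid_files(const char *root, int *root_owned)
{
    g_setuid_total = g_setuid_root = 0;
    if (nftw(root, audit_cb, 16, FTW_PHYS | FTW_MOUNT) != 0)
        return -1;
    if (root_owned)
        *root_owned = g_setuid_root;
    return g_setuid_total;
}

/* Constructed sample jail: one setuid file we own, so the audit finds
 * exactly one setuid file (owned by root only if this run is root). */
int audit_constructed_jail(void)
{
    char dir[] = "/tmp/jailXXXXXX";
    if (mkdtemp(dir) == NULL)
        return -1;
    char path[64];
    snprintf(path, sizeof path, "%s/su", dir);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0755);
    if (fd < 0)
        return -1;
    int rc = fchmod(fd, S_ISUID | 0755);
    close(fd);
    if (rc != 0)
        return -1;
    int root_owned = 0;
    int total = count_setuid_files(dir, &root_owned);
    unlink(path);
    rmdir(dir);
    return total;
}

int main(void)
{
    int rc = setuid0_from_unprivileged();
    printf("setuid(0) from an unprivileged child: %s\n",
           rc == 0 ? "SUCCEEDED (caller had root or CAP_SETUID)" : strerror(rc));
    int root_owned = 0;
    int total = count_setuid_files("/usr/bin", &root_owned);
    printf("/usr/bin: %d setuid files, %d of them owned by root\n", total, root_owned);
    return 0;
}
```

Run it as an ordinary user and the first line reports "Operation not permitted": setuid(0) only succeeds when the kernel already regards the process as privileged (euid 0, saved uid 0, or CAP_SETUID), so a chroot adds nothing to that rule in either direction. Point count_setuid_files() at the jail root instead of /usr/bin to see whether the jail contains the setuid-root binaries Steve warns about.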

