Vulnerability Development mailing list archives

Re: OT? Are chroots immune to buffer overflows?


From: Birger Toedtmann <birger () takatukaland de>
Date: Wed, 22 May 2002 16:54:06 +0200

Jason Haar wrote on Wed, May 22, 2002 at 03:48:16PM +1200:
> [note: my question is WRT non-root chrooted jails - we all know about
> chroot'ing root processes!]
>
> Most buffer overflows I've seen attempt to infiltrate the system enough to
> run /bin/sh. In chroot'ed environments, /bin/sh doesn't (shouldn't!) exist -
> so they fail.
>
> Is it as simple as that? As 99.999% of the system binaries aren't available
> in the jail, can a buffer overflow ever work?

Of course it can, because basically you (the attacker) can inject <whatever>
code you want.  It is just for economic reasons (read: simplicity) that one
injects an exec() of some pre-installed binary, e.g. /bin/sh.

What's more important in chroot scenarios is that the intruder will run the
<whatever> code only with user privileges and thus should never be able to
get id=0, because in the jail there should never be any suid binary.  It is
this absence of suid binaries that makes jails safe.  You could have all that
without a jail, but your system will be very hard to handle then as an
administrator (and user).  As a consequence, jails are suid-less regions
on your system where remote-access software should live its restricted life.

Even then you have the problem that attackers could upload everything thinkable
and compile nasty little programs, maybe to direct some attack at another
server.  Therefore, one should also restrict chrooted users so that they are
not able to use any networking facilities (under GNU/Linux, use iptables to
make this work) other than those the service this user runs needs.


Regards,

Birger

