Vulnerability Development mailing list archives
Re: OT? Are chroots immune to buffer overflows?
From: Jan Werner <xian () mat uni torun pl>
Date: Thu, 23 May 2002 19:36:12 +0200 (CEST)
On Wed, 22 May 2002, L. Walker wrote:
[note: my question is WRT non-root chrooted jails - we all know about chroot'ing root processes!] Most buffer overflows I've seen attempt to infiltrate the system enough to run /bin/sh. In chroot'ed environments, /bin/sh doesn't (shouldn't!) exist - so they fail. Is it as simple as that? As 99.999% of the system binaries aren't available in the jail, can a buffer overflow ever work?

I've heard of shellcode that supposedly jumps out of the chroot jail, but it's probably been fixed now (whatever bug in chroot the shellcode exploited). The buffer overflow would work (it'd overflow the buffer yes) but as to whether you'd get a shell, probably not... Unless someone dropped a bash shell in there :)
There are ways to break out of a chroot'ed environment:

1. If the chroot'ed program does not chdir("/") then there's a way to escape from the jail (see Taeho Oh's advanced buffer overflow exploits, http://online.securityfocus.com/library/1568 )
2. If the system does not provide any limitations for the jail, you can trace programs outside of the jail, send them signals, use raw devices, etc.

Some limitations for Linux (I remind that this OS appeared in the thread) can be implemented with, for example, the grsecurity kernel patch http://grsecurity.net/features.html or the capsel Linux kernel security module http://cliph.linux.pl

greetings
xian
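The jail-entry ordering behind point 1 above, combined with the non-root premise of the question, as an added example that is not part of the original post. The helper `enter_jail`, its error codes and the sample id 65534 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical error codes, one per step, so the caller can log which step failed. */
enum jail_err { JAIL_OK = 0, JAIL_ERR_ROOTID = -1, JAIL_ERR_CHDIR = -2,
                JAIL_ERR_CHROOT = -3, JAIL_ERR_CHDIR_ROOT = -4,
                JAIL_ERR_DROP = -5, JAIL_ERR_REGAIN = -6 };

/* enter_jail() is a hypothetical helper written for this example. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    /* Keeping uid or gid 0 inside the jail is the root-in-chroot case
       the question sets aside; refuse it before touching any state. */
    if (uid == 0 || gid == 0)
        return JAIL_ERR_ROOTID;
    /* Enter the directory first, so the working directory is already
       inside the tree that becomes the new root. */
    if (chdir(dir) != 0)
        return JAIL_ERR_CHDIR;
    if (chroot(".") != 0)
        return JAIL_ERR_CHROOT;
    /* Point 1 of the post: chdir("/") after chroot, so no working
       directory reference from outside the jail survives. */
    if (chdir("/") != 0)
        return JAIL_ERR_CHDIR_ROOT;
    /* Drop supplementary groups, then gid, then uid; the reverse
       order fails because a non-root uid cannot change its groups. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return JAIL_ERR_DROP;
    /* Confirm the drop took effect and root cannot be regained. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return JAIL_ERR_REGAIN;
    return JAIL_OK;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s <jail-dir>\n", argv[0]); return 2; }
    int rc = enter_jail(argv[1], 65534, 65534); /* 65534: constructed sample id */
    if (rc != JAIL_OK) { fprintf(stderr, "enter_jail failed at step %d\n", rc); return 1; }
    puts("jailed and unprivileged");
    return 0;
}
```

A caller should exit on any non-zero return instead of continuing to serve requests, since a partial failure can leave the process outside the jail or still privileged.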