On Wed, May 22, 2002 at 03:48:16PM +1200, Jason Haar wrote:
> [note: my question is WRT non-root chrooted jails - we all know about
> chroot'ing root processes!]
>
> Most buffer overflows I've seen attempt to infiltrate the system enough to
> run /bin/sh. In chroot'ed environments, /bin/sh doesn't (shouldn't!) exist -
> so they fail.
>
> Is it as simple as that? As 99.999% of the system binaries aren't available
> in the jail, can a buffer overflow ever work?

A buffer overflow allows an attacker to execute any piece of code. Most of the time it is the running of /bin/sh because it gives the attacker the biggest playing field, but it can be anything. For example with a DNS server in a chrooted environment, it can be told to unlink the named.conf. Not that the attacker can do anything useful with it then, but it does some damage.

Edwin

-- 
Edwin Groothuis | Personal website: http://www.MavEtJu.org
edwinat_private | Interested in MUDs? Visit Fatal Dimensions:
bash$ :(){ :|:&};: | http://www.FatalDimensions.org/
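Added example, not part of the original post: since injected code in a non-root jail is limited to the system calls its UID is permitted to make, an administrator can audit which jail files that UID could unlink or overwrite. The function names and the sample jail layout are assumptions made for illustration, and the check reads plain mode bits only (no ACLs, capabilities, read-only mounts or ancestor-directory search permission).

```python
import os
import stat
import tempfile

def allowed(st, uid, gids, want):
    """True if uid/gids hold every rwx bit in `want` (0-7), by mode bits alone."""
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want

def audit_jail(root, uid, gids=frozenset()):
    """List (relative path, action) pairs the non-root uid could perform."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dst = os.lstat(dirpath)
        dir_wx = allowed(dst, uid, gids, 0o3)   # unlink needs w+x on the parent
        sticky = bool(dst.st_mode & stat.S_ISVTX)
        for name in files:
            path = os.path.join(dirpath, name)
            fst = os.lstat(path)
            rel = os.path.relpath(path, root)
            # Sticky directory: only the file's or directory's owner may unlink.
            if dir_wx and (not sticky or uid in (fst.st_uid, dst.st_uid)):
                findings.append((rel, "unlink"))
            if stat.S_ISREG(fst.st_mode) and allowed(fst, uid, gids, 0o2):
                findings.append((rel, "overwrite"))
    return sorted(findings)

def build_sample_jail(etc_mode):
    """Constructed jail layout for the demo; returns its root directory."""
    root = tempfile.mkdtemp(prefix="jail-")
    for rel, mode in (("etc", etc_mode), ("var", 0o755), ("var/run", 0o1777)):
        os.mkdir(os.path.join(root, rel))
        os.chmod(os.path.join(root, rel), mode)
    for rel in ("etc/named.conf", "var/run/named.pid"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("# constructed sample\n")
        os.chmod(os.path.join(root, rel), 0o644)
    return root

if __name__ == "__main__":
    for mode in (0o777, 0o755):
        jail = build_sample_jail(mode)
        other_uid = os.lstat(jail).st_uid + 1   # a UID that owns nothing in the jail
        print(oct(mode), audit_jail(jail, other_uid))
```

An empty result for the daemon's UID means the unlink of named.conf described in the reply would fail with a permission error; a jail whose files are owned by the daemon's own UID reports every file.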