Jason Haar wrote: > Most buffer overflows I've seen attempt to infiltrate the system enough to > run /bin/sh. In chroot'ed environments, /bin/sh doesn't (shouldn't!) exist - > so they fail. > Is it as simple as that? As 99.999% of the system binaries aren't available > in the jail, can a buffer overflow ever work? No, its not as simple as that. You might not be able to execute a shell, but you can still run arbitrary code. See <http://online.securityfocus.com/archive/82/272793>. -- This message has been sent via an anonymous mail relay at www.no-id.com.
This archive was generated by hypermail 2b30 : Wed May 22 2002 - 11:09:53 PDT