Jason Haar schrieb am Wed, May 22, 2002 at 03:48:16PM +1200:

> [note: my question is WRT non-root chrooted jails - we all know about
> chroot'ing root processes!]
>
> Most buffer overflows I've seen attempt to infiltrate the system enough to
> run /bin/sh. In chroot'ed environments, /bin/sh doesn't (shouldn't!) exist -
> so they fail.
>
> Is it as simple as that? As 99.999% of the system binaries aren't available
> in the jail, can a buffer overflow ever work?

Of course it can, because basically you (the attacker) can inject <whatever> code you want. It is just for economic reasons - read: simple - to inject an exec() upon some pre-installed binary, e.g. /bin/sh.

What's more important in chroot scenarios is that the intruder will run the <whatever> code only with user privileges and thus should never be able to get id=0, because in the jail there should never be any suid binary. It is this absence of suid binaries that makes jails safe. You could have all that without a jail, but your system will be very hard to handle then as an administrator (and user).

As a consequence, jails are suid-less regions on your system where remote-access software should live its restricted life. Even then you have problems that attackers could upload everything thinkable and compile nasty little programs, maybe to direct some attack to another server. Therefore, one should also restrict chrooted users to not be able to use any networking facilities (under GNU/Linux, use iptables to make this work) other than the service that this user runs needs.

Regards, Birger
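The two properties Birger's reply leans on (no setuid binaries inside the jail, and jail traffic limited to the one service) can both be checked or expressed from a shell. The script below is an added example, not from the original thread; the jail path, UID 1001 and port 8080 are constructed placeholders, and the iptables rules are printed for review rather than applied.

```shell
#!/bin/sh
# Added example (not part of the original mailing-list post): audit a chroot
# jail for setuid/setgid binaries and stray shells, then emit iptables OUTPUT
# rules confining the jail user's egress to its own service. All paths, the
# UID and the port are placeholders chosen for illustration.

# List setuid/setgid regular files under a jail root; a hardened jail lists none.
jail_suid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Number of setuid/setgid files: 0 means the "suid-less region" the post wants.
jail_suid_count() {
    jail_suid_files "$1" | wc -l | tr -d ' '
}

# Report shells present in the jail; an injected exec() of /bin/sh only
# succeeds if one of these exists, so a service jail should report none.
jail_shells_present() {
    for s in bin/sh bin/bash usr/bin/sh usr/bin/bash; do
        [ -e "$1/$s" ] && echo "$1/$s"
    done
    return 0
}

# Print iptables rules for a daemon running as UID $1 that serves TCP port $2:
# its replies (source port $2) pass, anything else it originates is logged and
# dropped, so an uploaded tool cannot reach out to other hosts.
jail_egress_rules() {
    uid=$1; port=$2
    echo "iptables -A OUTPUT -m owner --uid-owner $uid -p tcp --sport $port -j ACCEPT"
    echo "iptables -A OUTPUT -m owner --uid-owner $uid -j LOG --log-prefix 'jail-egress: '"
    echo "iptables -A OUTPUT -m owner --uid-owner $uid -j DROP"
}

if [ "${1:-}" = "--demo" ]; then
    jail=${2:-/var/chroot/svc}   # placeholder jail root
    echo "setuid/setgid files in $jail: $(jail_suid_count "$jail")"
    jail_shells_present "$jail"
    jail_egress_rules 1001 8080
fi
```

Run with `--demo /path/to/jail` to audit an existing jail; the printed rules are meant to be reviewed and then added to the host's OUTPUT chain by root.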
This archive was generated by hypermail 2b30 : Wed May 22 2002 - 12:04:25 PDT