hi,

On Wed, May 22, 2002 at 03:48:16PM +1200, Jason Haar wrote:
> [note: my question is WRT non-root chrooted jails - we all know about
> chroot'ing root processes!]
>
> Most buffer overflows I've seen attempt to infiltrate the system enough to
> run /bin/sh. In chroot'ed environments, /bin/sh doesn't (shouldn't!) exist -
> so they fail.

that depends on how much the attacker is interested in the target system :)
f.e.: one may write shellcode which just transfers a static binary of /bin/sh
and execve()s it. if your chroot contains some vulnerable suid binary, it's
a question of seconds to get root caps and break it. let the prisoner out ...

[note: i'm talking about linux chroot(), if you meant FreeBSD's jail(), then
ignore this, jail() is about something a little different]

> Is it as simple as that? As 99.999% of the system binaries aren't available
> in the jail, can a buffer overflow ever work?

under certain circumstances, it can.

> --
> Cheers
>
> Jason Haar
>
> Information Security Manager
> Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417

--
    _
 __/|
 \'X.X'    sd@ircnet
 =(___)=   http://sd.g-art.nl
    U
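
Added example, not part of the original message: a small audit of a chroot tree for the three things the reply turns on (setuid/setgid files, a shell binary, and directories the jailed uid can write a transferred binary into). The names audit_jail, findings_for and SHELLS are hypothetical; as a simplifying assumption, group write permission and ACLs are ignored.

```python
import os
import stat
import sys

# Assumed list of shell-like binary names; extend for your own jail contents.
SHELLS = {"sh", "bash", "dash", "ash", "ksh", "zsh", "csh", "tcsh", "busybox"}

def findings_for(name, st, jail_uid):
    """Return the findings for one entry, given its lstat() result."""
    mode, out = st.st_mode, []
    if stat.S_ISREG(mode):
        if mode & stat.S_ISUID:
            out.append("setuid")        # privilege change reachable from inside the jail
        if mode & stat.S_ISGID and mode & stat.S_IXGRP:
            out.append("setgid")
        if name in SHELLS and mode & 0o111:
            out.append("shell")         # the binary the original question assumes is absent
    elif stat.S_ISDIR(mode):
        owner_w = st.st_uid == jail_uid and mode & stat.S_IWUSR
        if owner_w or mode & stat.S_IWOTH:
            out.append("writable-dir")  # a place where a transferred binary could be stored
    return out

def audit_jail(root, jail_uid):
    """Walk the jail without following symlinks; return sorted (relative path, finding) pairs."""
    report = []
    for dirpath, _dirs, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, n) for n in filenames]:
            st = os.lstat(path)
            for finding in findings_for(os.path.basename(path), st, jail_uid):
                report.append((os.path.relpath(path, root), finding))
    return sorted(report)

if __name__ == "__main__":
    # usage: audit.py <jail root> <numeric uid the jailed service runs as>
    for rel, finding in audit_jail(sys.argv[1], int(sys.argv[2])):
        print(f"{finding:13} {rel}")
```

An empty report does not make the jail safe on its own; it only shows that these three conditions are absent from the tree.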
This archive was generated by hypermail 2b30 : Wed May 22 2002 - 12:08:13 PDT