Not really. Shellcode may perform any userland operations as the process under their control. If '/bin/sh' doesn't exist, shellcode could be written to do whatever 'sh' can, provided that there is enough room for the required instructions.

A couple of ideas:

The attacker may write 'mini shell' shellcode, facilitating limited interaction with the filesystem and the ability to execute specific programs.

The attacker could write shellcode that downloads a complete shell from somewhere else.

As for getting root and breaking out of chroot.. look to the kernel (i386 LDT bug, ptrace/exec, etc) :)

Dave Ahmad
SecurityFocus
www.securityfocus.com

On Wed, 22 May 2002, Jason Haar wrote:

> [note: my question is WRT non-root chrooted jails - we all know about
> chroot'ing root processes!]
>
> Most buffer overflows I've seen attempt to infiltrate the system enough to
> run /bin/sh. In chroot'ed environments, /bin/sh doesn't (shouldn't!) exist -
> so they fail.
>
> Is it as simple as that? As 99.999% of the system binaries aren't available
> in the jail, can a buffer overflow ever work?
>
> --
> Cheers
>
> Jason Haar
>
> Information Security Manager
> Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
>
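A defender-side check that follows from the reply above, added here as an example and not part of the original thread: since a missing /bin/sh does not stop injected code from touching the filesystem or running programs, the useful question is what the jail still exposes. The function name `audit_jail` and the four finding categories are assumptions chosen for illustration; kernel-level escapes are outside what a filesystem audit can see.

```python
import os
import stat
import sys


def audit_jail(root):
    """Walk a chroot tree and list what code running inside it could use."""
    findings = {"executables": [], "setid": [], "writable_dirs": [], "devices": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            rel = os.path.relpath(path, root)
            mode = st.st_mode
            if stat.S_ISDIR(mode):
                # World-writable directories give injected code a place to
                # drop a downloaded binary or script.
                if mode & stat.S_IWOTH:
                    findings["writable_dirs"].append(rel)
            elif stat.S_ISREG(mode):
                # Any executable is a program the jailed process can run,
                # whether or not it is called "sh".
                if mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                    findings["executables"].append(rel)
                # Set-id files are a privilege boundary inside the jail.
                if mode & (stat.S_ISUID | stat.S_ISGID):
                    findings["setid"].append(rel)
            elif stat.S_ISCHR(mode) or stat.S_ISBLK(mode):
                # Device nodes expose kernel interfaces to the jail.
                findings["devices"].append(rel)
    for items in findings.values():
        items.sort()
    return findings


if __name__ == "__main__":
    jail_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for kind, items in audit_jail(jail_root).items():
        print(f"{kind}: {len(items)}")
        for rel in items:
            print(f"  {rel}")
```

An empty report does not make the jail safe against the kernel bugs the reply mentions; it only shrinks what userland code can reach once it is running.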
This archive was generated by hypermail 2b30 : Thu May 23 2002 - 20:53:34 PDT