I thought you just did something like the following in your shellcode...

setuid(0)
mkdir("blah")
chroot("blah")
chroot("../../../../../../../../../../../../")
execve("/bin/sh",0,0)

-KF

Kalle Andersson wrote:

>Of course buffer overflows can be done with success, but it will be
>much more difficult.
>
>Remember, if you are root inside a chroot-jail you are root on the
>machine. You can probably someway trick the server into downloading
>necessary code and files to remount the filesystems into the
>chroot-environment or make connections to other trusted servers etc
>etc....
>
>FreeBSD Jails are somewhat more secure, you might want to look into
>that.
>
>
>Jason Haar wrote:
>
>>[note: my question is WRT non-root chrooted jails - we all know about
>>chroot'ing root processes!]
>>
>>Most buffer overflows I've seen attempt to infiltrate the system enough to
>>run /bin/sh. In chroot'ed environments, /bin/sh doesn't (shouldn't!) exist -
>>so they fail.
>>
>>Is it as simple as that? As 99.999% of the system binaries aren't available
>>in the jail, can a buffer overflow ever work?
>>
>>--
>>Cheers
>>
>>Jason Haar
>>
>>Information Security Manager
>>Trimble Navigation Ltd.
>>Phone: +64 3 9635 377 Fax: +64 3 9635 417
>>
>
>--
>Best Regards
>Kalle Andersson
>Technical Manager / EuroTrust Sweden AB
>kanat_private
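
Added example, not part of the original messages: the thread's point that root inside a chroot is still root on the machine is why a daemon should give up root immediately after entering the jail. The C code below shows one such entry sequence on Linux/glibc; the function name enter_jail, the jail path /var/empty and uid/gid 65534 are assumptions chosen for illustration.

```c
/* Added example: enter a chroot jail and irrevocably drop root. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1            /* exposes chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 on success, or a negative code naming the step that failed.
 * jail_dir, uid and gid are caller-chosen (hypothetical values in main). */
int enter_jail(const char *jail_dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)    return -1; /* refuse to remain root in the jail */
    if (chdir(jail_dir) != 0)    return -2; /* move inside the jail first */
    if (chroot(".") != 0)        return -3; /* requires root (CAP_SYS_CHROOT) */
    if (chdir("/") != 0)         return -4; /* cwd now resolves inside the new root */
    if (setgroups(0, NULL) != 0) return -5; /* drop supplementary groups */
    if (setgid(gid) != 0)        return -6; /* group first, while still root */
    if (setuid(uid) != 0)        return -7; /* sets real, effective and saved uid */
    /* Verify the drop is permanent: regaining uid 0 must fail. */
    if (setuid(0) == 0 || geteuid() == 0) return -8;
    return 0;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : "/var/empty"; /* assumed jail path */
    int rc = enter_jail(dir, 65534, 65534); /* 65534: commonly "nobody" (assumed) */
    if (rc != 0) {
        fprintf(stderr, "enter_jail failed at step %d\n", -rc);
        return EXIT_FAILURE;
    }
    puts("jailed and unprivileged");
    return EXIT_SUCCESS;
}
```

Every return value is checked because a silently failed setuid() leaves the process as root inside the jail, which is the situation the thread describes.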
This archive was generated by hypermail 2b30 : Thu May 23 2002 - 21:00:48 PDT