Re: OT? Are chroots immune to buffer overflows?

From: Greg Hunt (gregat_private)
Date: Wed May 22 2002 - 11:36:34 PDT

    Looking online, I found shellcode that breaks chroot by doing a
    mkdir("sh")
    chroot("sh")
    chroot("../../../../../../");
    then running /bin/sh
    
    Other chroot-breaking shellcode online does variations of the same thing. I haven't tested this out, so I can't say for sure if this works. Anyone else know?
    
    Shellcode available at:
    http://www.groar.org/expl/linux-x86/chroot.c
    http://www.groar.org/expl/linux-x86/chroot1.c
    
    > I've heard of shellcode that supposedly jumps out of the chroot jail, but
    > it's probably been fixed now (whatever bug in chroot the shellcode
    > exploited).  The buffer overflow would work (it'd overflow the buffer yes)
    > but as to whether you'd get a shell, probably not...  Unless someone
    > dropped a bash shell in there :)
    
    -- 
    ------SupplyEdge-------
    Greg Hunt
    800-733-3380 x 107
    gregat_private
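
Added example, not part of the original post or of the linked shellcode: a small C checker that flags the call sequence quoted above in a decoded syscall trace of one process. It relies on the documented behaviour that chroot(2) does not change the working directory; the `struct ev` trace format, the function name and the sample traces are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* One decoded syscall of a single process (constructed trace format). */
struct ev { const char *call; const char *path; };

/* Heuristic: return the index of the first chroot()/chdir() that walks ".."
 * while the working directory may still lie outside the current root, or -1.
 * chroot(2) leaves the cwd untouched, so only chroot(".") or a later
 * chdir() to an absolute path puts the cwd back under the root. */
int find_chroot_escape(const struct ev *t, int n)
{
    int cwd_outside = 0;
    for (int i = 0; i < n; i++) {
        int is_chroot = strcmp(t[i].call, "chroot") == 0;
        int is_chdir = strcmp(t[i].call, "chdir") == 0;
        if (!is_chroot && !is_chdir)
            continue;
        if (cwd_outside && strncmp(t[i].path, "..", 2) == 0)
            return i;
        if (is_chroot)
            cwd_outside = strcmp(t[i].path, ".") != 0;
        else if (t[i].path[0] == '/')
            cwd_outside = 0;
    }
    return -1;
}

/* Constructed sample traces. */
static const struct ev from_post[] = {   /* the sequence quoted in the post */
    {"mkdir", "sh"}, {"chroot", "sh"},
    {"chroot", "../../../../../../"}, {"execve", "/bin/sh"},
};
static const struct ev daemon_a[] = {    /* chroot, then chdir into new root */
    {"chroot", "/var/empty"}, {"chdir", "/"}, {"chdir", ".."},
};
static const struct ev daemon_b[] = {    /* chdir first, then chroot(".") */
    {"chdir", "/var/jail"}, {"chroot", "."}, {"chdir", ".."},
};

int main(void)
{
    printf("from_post: %d\n", find_chroot_escape(from_post, 4));
    printf("daemon_a:  %d\n", find_chroot_escape(daemon_a, 3));
    printf("daemon_b:  %d\n", find_chroot_escape(daemon_b, 3));
    return 0;
}
```

Because chroot() requires root (CAP_SYS_CHROOT on Linux), a jailed process that has changed into its new root and dropped privileges cannot issue the second call at all.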
    



    This archive was generated by hypermail 2b30 : Thu May 23 2002 - 21:24:03 PDT