Re: OT? Are chroots immune to buffer overflows?

From: Steve Bremer (stevebat_private)
Date: Fri May 24 2002 - 05:45:19 PDT


    > For example, a chroot jail does not prevent execution of
    > system calls from within the vulnerable program address
    > space therefore the exploit code can easily break out of the chroot
    > jail or call setuid(0) to regain root privileges or perform socket
    
    How can a non-root process gain root privileges by calling 
    setuid(0)?  As long as the process is not running as root, this will 
    fail.  If there are any setuid root binaries in the chroot jail, those 
    could possibly be exploited to gain root privileges.
    
    Steve Bremer
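
The setuid root binaries mentioned in the reply can be looked for mechanically before a jail goes into service. The following is an added example, not part of the original message: POSIX shell functions that list setuid regular files owned by root (uid 0) below a jail directory. The function names, the optional owner argument and the exit-code convention are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a chroot jail for setuid files.
# Usage (after sourcing): jail_audit /path/to/jail        # root-owned files
#                         jail_audit /path/to/jail 1001   # files owned by uid 1001

# Print every setuid regular file below JAIL owned by OWNER (default uid 0).
# -xdev keeps the walk on the jail's own filesystem, so bind mounts such as
# /proc or /dev inside the jail are not descended into.
jail_setuid_files() {
    jsf_jail=$1
    jsf_owner=${2:-0}
    if [ ! -d "$jsf_jail" ]; then
        echo "not a directory: $jsf_jail" >&2
        return 2
    fi
    find "$jsf_jail" -xdev -type f -user "$jsf_owner" -perm -4000 -print
}

# Exit status: 0 = no setuid files found, 1 = at least one found,
# 2 = the walk failed (bad path or unreadable directories), so the
# result is incomplete and must not be read as "clean".
jail_audit() {
    ja_jail=$1
    ja_owner=${2:-0}
    ja_hits=$(jail_setuid_files "$ja_jail" "$ja_owner") || return 2
    if [ -n "$ja_hits" ]; then
        printf 'setuid files owned by uid %s under %s:\n%s\n' \
            "$ja_owner" "$ja_jail" "$ja_hits"
        return 1
    fi
    printf 'no setuid files owned by uid %s under %s\n' "$ja_owner" "$ja_jail"
    return 0
}
```

Run it as a user that can read every directory in the jail; a walk that hits unreadable directories returns 2 rather than reporting the jail as clean.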