> For example, a chroot jail does not prevent execution of
> system calls from within the vulnerable program address
> space therefore the exploit code can easily break out of the chroot
> jail or call setuid(0) to regain root privileges or perform socket

How can a non-root process gain root privileges by calling setuid(0)? As long as the process is not running as root, this will fail.

If there are any setuid root binaries in the chroot jail, those could possibly be exploited to gain root privileges.

Steve Bremer
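An added example, not code from the original thread: it turns the point above into the usual verification step a jailed daemon performs after dropping privileges, confirming that setuid(0) is refused with EPERM once the process is unprivileged. The target identity 65534 and the Linux/BSD host are assumptions.

```c
/* Added example: verify that a privilege drop inside a jail is irreversible.
 * Assumed host: Linux (glibc) or BSD. uid/gid 65534 ("nobody" on many
 * systems) is a constructed target, not a value from the original post. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if setuid(0) is refused with EPERM (the caller is unprivileged),
 * 0 if it succeeded (the caller still holds root, so no drop took effect),
 * -1 on any other error. */
int verify_cannot_regain_root(void)
{
    if (setuid(0) == 0)
        return 0;                    /* still root: the drop was not effective */
    return errno == EPERM ? 1 : -1;
}

/* Drop from root to (uid, gid) in the order that leaves no way back:
 * supplementary groups first, then gid, then uid, because each later step
 * would fail once the earlier one has taken effect. Returns 0 on success. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0)     /* clear supplementary groups */
        return -1;
    if (setgid(gid) != 0)            /* real, effective and saved gid */
        return -1;
    if (setuid(uid) != 0)            /* real, effective and saved uid */
        return -1;
    if (getuid() != uid || geteuid() != uid)
        return -1;
    /* The check the thread is about: an unprivileged process cannot
     * call setuid(0) to get root back. */
    return verify_cannot_regain_root() == 1 ? 0 : -1;
}

int main(void)
{
    if (geteuid() == 0) {
        if (drop_privileges(65534, 65534) != 0) {
            perror("drop_privileges");
            return 1;
        }
        puts("dropped to uid 65534; setuid(0) now refused with EPERM");
    } else {
        printf("unprivileged process: setuid(0) %s\n",
               verify_cannot_regain_root() == 1 ? "refused with EPERM"
                                                : "gave an unexpected result");
    }
    return 0;
}
```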
This archive was generated by hypermail 2b30 : Fri May 24 2002 - 17:28:19 PDT