Re: OT? Are chroots immune to buffer overflows?

From: Edwin Groothuis (edwin@mavetju.org)
Date: 05/22/02

• Previous message: Kalle Andersson: "Re: OT? Are chroots immune to buffer overflows?"
• In reply to: Jason Haar: "OT? Are chroots immune to buffer overflows?"
• Next in thread: Jose Nazario: "Re: OT? Are chroots immune to buffer overflows?"
• Next in thread: Berend De Schouwer: "Re: OT? Are chroots immune to buffer overflows?"
• Reply: Jose Nazario: "Re: OT? Are chroots immune to buffer overflows?"
• Reply: Kurt Seifried: "Re: OT? Are chroots immune to buffer overflows?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 22 May 2002 22:53:15 +1000
From: Edwin Groothuis <edwin@mavetju.org>
To: Jason Haar <Jason.Haar@trimble.co.nz>

On Wed, May 22, 2002 at 03:48:16PM +1200, Jason Haar wrote:
> [note: my question is WRT non-root chrooted jails - we all know about
> chroot'ing root processes!]
>
> Most buffer overflows I've seen attempt to infiltrate the system enough to
> run /bin/sh. In chroot'ed environments, /bin/sh doesn't (shouldn't!) exist -
> so they fail.
>
> Is it as simple as that? As 99.999% of the system binaries aren't available
> in the jail, can a buffer overflow ever work?

A buffer-overflow allows an attacker to execute any piece of code.
Most of the this it is the running of /bin/sh because it gives the
attacker the biggest playingfield, but it can be anything.

For example with a DNS server in a chrooted environment, it can be
told to unlink the named.conf. Not that the attacker can do anything
usefull with it then, but it does some damage.

Edwin

-- 
Edwin Groothuis      |           Personal website: http://www.MavEtJu.org
edwin@mavetju.org    |        Interested in MUDs? Visit Fatal Dimensions:
bash$ :(){ :|:&};:   |                    http://www.FatalDimensions.org/

---

• Previous message: Kalle Andersson: "Re: OT? Are chroots immune to buffer overflows?"
• In reply to: Jason Haar: "OT? Are chroots immune to buffer overflows?"
• Next in thread: Jose Nazario: "Re: OT? Are chroots immune to buffer overflows?"
• Next in thread: Berend De Schouwer: "Re: OT? Are chroots immune to buffer overflows?"
• Reply: Jose Nazario: "Re: OT? Are chroots immune to buffer overflows?"
• Reply: Kurt Seifried: "Re: OT? Are chroots immune to buffer overflows?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages buffer overflows ... Many advisories list the problem of buffer overflows which allow the ... attacker to run arbitrary code as a privileged user. ... (comp.security.misc) Re: OT? Are chroots immune to buffer overflows? ... Jason Haar wrote: ... > Most buffer overflows I've seen attempt to infiltrate the system enough to ... > so they fail. ... (Vuln-Dev) Re: [Lit.] Buffer overruns ... >> You are kidding, right? ... We are talking about buffer overflows. ... >> If the code in question does not have them, the attacker cannot ... > truly have no idea how to follow that prescription. ... (sci.crypt) Re: unautherized access to unix systems? ... say the attacker has found an exploitable service. ... Can buffer overflows be programed in perl, ... anyone know a good tutorial on Buffer Overflows programmed in perl? ... (comp.security.unix) Re: [Lit.] Buffer overruns ... Hank Oredson wrote: ... > You are kidding, right? ... We are talking about buffer overflows. ... > If the code in question does not have them, the attacker cannot ... (sci.crypt)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > vuln-dev  > 2002-05