Re: OT? Are chroots immune to buffer overflows?

From: KF (
Date: 05/22/02

Date: Wed, 22 May 2002 01:23:13 -0400
From: KF <>
To: Kalle Andersson <>

I thought you just did something like the following in your shellcode...



Kalle Andersson wrote:

>Of course can buffer overflows be done with success, but it will be
>much more difficult.
>Remember, if you are root inside a chroot-jail you are root on the
>machine. You can probably someway trick the server into downloading
>necessary code and files to remount the filesystems into the
>chroot-environment or make connections to other trusted servers etc
>FreeBSD Jails are somewhat more secure, you might want to look into
>Jason Haar wrote:
>>[note: my question is WRT non-root chrooted jails - we all know about
>>chroot'ing root processes!]
>>Most buffer overflows I've seen attempt to infiltrate the system enough to
>>run /bin/sh. In chroot'ed environments, /bin/sh doesn't (shouldn't!) exist -
>>so they fail.
>>Is it as simple as that? As 99.999% of the system binaries aren't available
>>in the jail, can a buffer overflow ever work?
>>Jason Haar
>>Information Security Manager
>>Trimble Navigation Ltd.
>>Phone: +64 3 9635 377 Fax: +64 3 9635 417
>Best Regards
>Kalle Andersson
>Technical Manager / EuroTrust Sweden AB