| |||||||||||||
Spengler: False Boundaries and Arbitrary Code ExecutionSpengler: False Boundaries and Arbitrary Code ExecutionPosted Jan 6, 2011 19:24 UTC (Thu) by spender (subscriber, #23067)In reply to: Spengler: False Boundaries and Arbitrary Code Execution by unBrice Parent article: Spengler: False Boundaries and Arbitrary Code Execution
chroot doesn't matter: in 2002 I wrote in the French MISC magazine 11 ways to break out of a chroot jail. One of them applies here: chroot doesn't matter if you have CAP_SETUID, in fact CAP_SETUID is basically equivalent to CAP_SYS_PTRACE. If i can change to any UID, then I can effectively ptrace any process (including those running outside of the chroot) giving me full control of the host system.
-Brad
(Log in to post comments)
Spengler: False Boundaries and Arbitrary Code Execution Posted Jan 7, 2011 8:23 UTC (Fri) by job (guest, #670) [Link]
Is this article online?
Spengler: False Boundaries and Arbitrary Code Execution Posted Jan 7, 2011 11:38 UTC (Fri) by Aissen (subscriber, #59976) [Link]
I found it here, but it's in french:
http://www.touslesreseaux.com/forum/index.php?showtopic=40
Funny, I think I might still have the magazine (Misc 9) in a box somewhere
Spengler: False Boundaries and Arbitrary Code Execution Posted Jan 11, 2011 14:29 UTC (Tue) by job (guest, #670) [Link]
"Page non trouvée". (404)
Spengler: False Boundaries and Arbitrary Code Execution Posted Jan 11, 2011 14:52 UTC (Tue) by Aissen (subscriber, #59976) [Link]
Seems like I made someone remember about this installed forum, and the article in it by linking to it.
But webarchive still has it:
Also, a quick pastebin of the text & html versions of the article:
|
|||||||||||||