
Spengler: False Boundaries and Arbitrary Code Execution


Posted Jan 6, 2011 19:24 UTC (Thu) by spender (guest, #23067)
In reply to: Spengler: False Boundaries and Arbitrary Code Execution by unBrice
Parent article: Spengler: False Boundaries and Arbitrary Code Execution

chroot doesn't matter: in 2002 I wrote in the French MISC magazine 11 ways to break out of a chroot jail. One of them applies here: chroot doesn't matter if you have CAP_SETUID; in fact, CAP_SETUID is basically equivalent to CAP_SYS_PTRACE. If I can change to any UID, then I can effectively ptrace any process (including those running outside of the chroot), giving me full control of the host system.

-Brad
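
An added example, not part of the original comment: a defender-side audit that reads the capability masks from `/proc/<pid>/status` and flags a chrooted process that still holds CAP_SETUID, CAP_SYS_PTRACE or CAP_SYS_CHROOT. The function names, the `/var/jail` path and the sample status text are constructed for illustration.

```python
import re

# Bit numbers from <linux/capability.h>.
CAP_BITS = {"CAP_SETUID": 7, "CAP_SYS_CHROOT": 18, "CAP_SYS_PTRACE": 19}
CAP_LINE = re.compile(r"(Cap(?:Inh|Prm|Eff|Bnd)):\s*([0-9a-fA-F]+)$")


def parse_caps(status_text):
    """Return {"CapEff": mask, ...} from the text of /proc/<pid>/status."""
    masks = {}
    for line in status_text.splitlines():
        m = CAP_LINE.match(line.strip())
        if m:
            masks[m.group(1)] = int(m.group(2), 16)
    return masks


def held(mask):
    """Names of the watched capabilities that are set in mask."""
    return sorted(name for name, bit in CAP_BITS.items() if (mask >> bit) & 1)


def audit(status_text, root):
    """List findings for one process.

    root is the target of the /proc/<pid>/root symlink; "/" means the
    process is not chrooted, so there is no jail to undermine.
    """
    if root == "/":
        return []
    caps = parse_caps(status_text)
    eff, prm = caps.get("CapEff", 0), caps.get("CapPrm", 0)
    findings = [f"effective {n} inside chroot {root}" for n in held(eff)]
    # A permitted capability can be raised to effective by the process itself.
    findings += [f"permitted {n} inside chroot {root}" for n in held(prm & ~eff)]
    return findings


# Constructed sample: a chrooted daemon that kept CAP_SETGID and CAP_SETUID (0xc0).
SAMPLE_JAILED = "Name:\tjailed-daemon\nCapInh:\t0000000000000000\nCapPrm:\t00000000000000c0\nCapEff:\t00000000000000c0\nCapBnd:\t00000000000000c0\n"
# Constructed sample: a chrooted process with every capability dropped.
SAMPLE_CLEAN = "Name:\tclean-daemon\nCapInh:\t0000000000000000\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\nCapBnd:\t0000000000000000\n"

if __name__ == "__main__":
    for text in (SAMPLE_JAILED, SAMPLE_CLEAN):
        print(audit(text, "/var/jail") or "no findings")
```

On a live system, pass the contents of `/proc/<pid>/status` and the result of `os.readlink("/proc/<pid>/root")`; reading another user's `root` link requires sufficient privileges.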



Spengler: False Boundaries and Arbitrary Code Execution

Posted Jan 7, 2011 8:23 UTC (Fri) by job (guest, #670)

Is this article online?

Spengler: False Boundaries and Arbitrary Code Execution

Posted Jan 7, 2011 11:38 UTC (Fri) by Aissen (subscriber, #59976)

I found it here, but it's in French:
http://www.touslesreseaux.com/forum/index.php?showtopic=40

Funny, I think I might still have the magazine (Misc 9) in a box somewhere…

Spengler: False Boundaries and Arbitrary Code Execution

Posted Jan 11, 2011 14:29 UTC (Tue) by job (guest, #670)

"Page non trouvée". (404)

Spengler: False Boundaries and Arbitrary Code Execution

Posted Jan 11, 2011 14:52 UTC (Tue) by Aissen (subscriber, #59976)

Seems like I made someone remember about this installed forum, and the article in it by linking to it.

But webarchive still has it:
http://web.archive.org/web/20080609074507/http://www.tous...

Also, a quick pastebin of the text & html versions of the article:
http://pastebin.com/kjCqFnv1

