Date: Sat, 19 Dec 1998 14:59:07 +0100 (CET)
From: "Marco Molteni" <molter@tin.it>
To: Garance A Drosihn <drosih@rpi.edu>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: A better explanation (was: buffer overflows and chroot)
Message-ID: <Pine.BSF.3.96.981219131806.569A-100000@nympha>
In-Reply-To: <v04011701b2a129cee810@[128.113.24.47]>
On Sat, 19 Dec 1998, Garance A Drosihn wrote:

> Marco Molteni wrote:
> >Scenario:
> >
> > 1. Bob is a non privileged user.
> > 2. Bob actively searches for buffer overflows in suid binaries.
> > 3. if Bob is able to do his job, sooner or later he'll get root.
> > 4. I don't mind if Bob is a good guy or a bad guy, I don't want
> >    anybody to be root on my machines.
> > 5. I want to put him in a chroot jail full of suid binaries, but
> >    suid not to root, to pseudoroot, where pseudoroot is a
> >    non privileged user.
> > 6. Bob can do all his experiments in his nice jail.
> > 6. if Bob becomes pseudoroot, I am still safe, since:
> >    6.1 he is in a chroot jail
> >    6.2 in the jail there isn't any executable suid to a privileged
> >        user (root, bin, whatever).
> >    6.3 from 6.2, he can't escape from the jail
> >
> > is 6.3 correct?
>
> From #2, Bob is running setuid binaries. Presumably he's running a long
> list of common setuid binaries, otherwise it'd be pointless research.

Yes, this is what I think.

> Chances are that some of those programs are ones which will only work
> if they run as root. (say he wanted to pursue buffer overflows in lpr,
> for instance. Well, to do that he needs to have lpd running, and if
> you're not running lpd as root then it will not run very well -- at the
> very least it's an invalid test of lpd).

I see your point.

> What makes you think that you can limit his research by refusing to let
> him run the whole class of real-world setuid programs which have to be
> run as root?

As many already said, the only reasonable thing to do was, from the start,
to give him spare machines to play with.

Sometimes you have to accept situations you don't like.

Since I have to give him an account, to limit the damage I'll put him in a
custom tailored jail. If he is not comfortable with the environment / cannot
do his tests, he'll have to physically bring in front of me my professor
asking for more.

At that time, I'll fight ;-)

Marco
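Added example, not part of the original message: a sketch of how the precondition in point 6.2 could be audited before the account is handed over, by listing every setuid or setgid regular file in the jail tree that is not owned by the unprivileged "pseudoroot" id. The names `audit_jail`, `Finding` and `demo` are hypothetical, the sample tree is constructed, and the check covers 6.2 only; it does not settle whether 6.3 follows.

```python
import os
import stat
import tempfile
from typing import Iterable, List, NamedTuple


class Finding(NamedTuple):
    path: str
    owner_id: int  # uid for a setuid hit, gid for a setgid hit
    mode: str      # ls-style mode string, e.g. "-rwsr-xr-x"
    bit: str       # "setuid" or "setgid"


def _fail(err: OSError) -> None:
    raise err  # an unreadable directory must abort the audit, not be skipped


def audit_jail(root: str, allowed_uids: Iterable[int],
               allowed_gids: Iterable[int] = ()) -> List[Finding]:
    """Setuid/setgid regular files under root not owned by an allowed id (point 6.2)."""
    uids, gids = set(allowed_uids), set(allowed_gids)
    found = []
    for dirpath, _dirs, files in os.walk(root, onerror=_fail):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: judge the entry itself, not a link target
            if not stat.S_ISREG(st.st_mode):
                continue
            mode = stat.filemode(st.st_mode)
            if st.st_mode & stat.S_ISUID and st.st_uid not in uids:
                found.append(Finding(path, st.st_uid, mode, "setuid"))
            if st.st_mode & stat.S_ISGID and st.st_gid not in gids:
                found.append(Finding(path, st.st_gid, mode, "setgid"))
    return sorted(found)


def demo() -> List[str]:
    """Constructed jail tree: a setuid 'passwd' and a plain 'ls', both owned by us."""
    with tempfile.TemporaryDirectory() as jail:
        os.makedirs(os.path.join(jail, "usr", "bin"))
        for name, perm in (("passwd", 0o4755), ("ls", 0o755)):
            path = os.path.join(jail, "usr", "bin", name)
            open(path, "w").close()
            os.chmod(path, perm)
        me = os.getuid()
        clean = audit_jail(jail, {me})      # our uid plays pseudoroot: no hits
        dirty = audit_jail(jail, {me + 1})  # another uid plays pseudoroot: one hit
        return [str(len(clean))] + [f"{f.bit} {f.mode} {os.path.basename(f.path)}" for f in dirty]
```

An empty result from `audit_jail` means only that no setuid or setgid file in the tree belongs to an id outside the allowed set at the time of the scan, so the scan is worth repeating whenever the jail's contents change.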
