Date: Sat, 19 Dec 1998 19:13:53 +0500 (KGT)
From: CyberPsychotic <mlists@gizmo.kyrnet.kg>
To: Marco Molteni <molter@tin.it>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: buffer overflows and chroot
Message-ID: <Pine.LNX.4.05.9812191912020.10479-100000@gizmo.kyrnet.kg>
In-Reply-To: <Pine.BSF.3.96.981218083729.459A-100000@nympha>

~ Yesterday came a guy, working on an "automatic buffer overflow exploiting
~ program". I had to give him an account on my beloved machines, since my
~ professor told me so. The situation is: I trust enough this guy not to do
~ evil things, but his target is to get root via buffer overflow.
~
~ He needs a compiler and some suid executables to test his tool. My
~ question is: can I restrict him in a sort of sandbox? If I build a chroot
~ environment with the tools he needs (compiler and bins) I can give him
~ some suid executables, where the owner isn't root. Is it right?
~

Well, you may not give him suid binaries at all. If he needs to check
whether his buff-overflow exploitation works, all he needs is just to make
sure the buffer gets overflowed, and his code gets executed. There are many
ways to check it. :)
