From owner-freebsd-security Sat Dec 19 06:15:50 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id GAA11396
    for freebsd-security-outgoing; Sat, 19 Dec 1998 06:15:50 -0800 (PST)
    (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ol.kyrnet.kg (ol.kyrnet.kg [195.254.160.10])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA11391
    for ; Sat, 19 Dec 1998 06:15:45 -0800 (PST)
    (envelope-from mlists@gizmo.kyrnet.kg)
Received: from gizmo.kyrnet.kg (IDENT:mlists@gizmo.kyrnet.kg [195.254.160.13])
    by ol.kyrnet.kg (8.9.1a/8.9.1) with ESMTP id SAA22132;
    Sat, 19 Dec 1998 18:44:45 +0600
Received: from localhost (mlists@localhost)
    by gizmo.kyrnet.kg (8.9.1a/8.9.1) with ESMTP id TAA17740;
    Sat, 19 Dec 1998 19:13:54 +0500
Date: Sat, 19 Dec 1998 19:13:53 +0500 (KGT)
From: CyberPsychotic
Reply-To: fygrave@tigerteam.net
To: Marco Molteni
cc: freebsd-security@FreeBSD.ORG
Subject: Re: buffer overflows and chroot
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

~ Yesterday came a guy, working on an "automatic buffer overflow exploiting
~ program". I had to give him an account on my beloved machines, since my
~ professor told me so. The situation is: I trust enough this guy not to do
~ evil things, but his target is to get root via buffer overflow.
~
~ He needs a compiler and some suid executables to test his tool. My
~ question is: can I restrict him in a sort of sandbox? If I build a chroot
~ environment with the tools he needs (compiler and bins) I can give him
~ some suid executables, where the owner isn't root. Is it right?
~

Well, you may not give him suid binaries at all. If he needs to check
whether his buff-overflow exploitations work, all he needs is just to make
sure the buffer gets overflowed and his code gets executed. There are many
ways to check it.
:)