From owner-freebsd-security Tue Dec 22 11:53:15 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA26724 for freebsd-security-outgoing; Tue, 22 Dec 1998 11:53:15 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from fep03-svc.tin.it (mta03-acc.tin.it [212.216.176.34]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA26599 for ; Tue, 22 Dec 1998 11:52:52 -0800 (PST) (envelope-from molter@tin.it) Received: from nympha.ecomotor.it ([212.216.1.223]) by fep03-svc.tin.it (InterMail v4.0 201-221-105) with SMTP id <19981222195243.GWIT18112.fep03-svc@nympha.ecomotor.it> for ; Tue, 22 Dec 1998 20:52:43 +0100 Received: (qmail 482 invoked by uid 1000); 22 Dec 1998 19:05:50 -0000 From: "Marco Molteni" Date: Tue, 22 Dec 1998 20:05:49 +0100 (CET) X-Sender: molter@nympha To: Zach Heilig cc: freebsd-security@FreeBSD.ORG Subject: Re: A better explanation (was: buffer overflows and chroot) In-Reply-To: <19981222092831.A31250@znh.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 22 Dec 1998, Zach Heilig wrote: > There is no need to break out of the chroot environment after finding a > working attack. > > Assuming that "bob" is attacking what is normally an suid-root binary, > and assuming this "bob" has a regular account as well, any attack that > works against the suid-non-root user binary, also works against the > (otherwise identical) suid-root binary. My gosh, Zach. I'm not completely fool. Bob *hasn't* a regular (== not chrooted) account. Otherwise, why would I build the chroot environment? Marco (feeling unable to make himself understood) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message