Date:      Wed, 23 Dec 1998 06:08:10 +0100
From:      Harold Gutch <logix@foobar.franken.de>
To:        Zach Heilig <zach@gaffaneys.com>, Garance A Drosihn <drosih@rpi.edu>, Marco Molteni <molter@tin.it>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: A better explanation (was: buffer overflows and chroot)
Message-ID:  <19981223060810.A5560@foobar.franken.de>
In-Reply-To: <19981222092831.A31250@znh.org>; from Zach Heilig on Tue, Dec 22, 1998 at 09:28:31AM -0600
References:  <62537.913989002@zippy.cdrom.com> <Pine.BSF.3.96.981218193124.339A-100000@nympha> <v04011701b2a129cee810@[128.113.24.47]> <19981221174222.A1588@foobar.franken.de> <19981222092831.A31250@znh.org>

On Tue, Dec 22, 1998 at 09:28:31AM -0600, Zach Heilig wrote:
> > Binaries suid to some _unprivileged_ user.
> 
> Assuming that "bob" is attacking what is normally an suid-root binary, and
> assuming this "bob" has a regular account as well, any attack that works
> against the suid-non-root user binary, also works against the (otherwise
> identical) suid-root binary.
> 
True, so "bob" still can prove that there are buffer overflows or
whatever in the binary that can be exploited.
But is this a problem? All that Marco wants is that "bob" won't
be able to gain root privileges. If "bob" is able to show Marco
that the binary is exploitable and that he is able to get the
rights of the user it is suid to, this is fine; Marco doesn't
have a problem with this.

> A non-privileged user does not buy anything, if there is any worry that this
> "bob" wants to perform malicious acts as root.
> 
Of course it does, basically you're saying "a suid bit gives you
root rights, no matter who owns the file".

-- 
bye, logix

<Shabby> Sleep is an abstinence syndrome which occurs due to lack of caffeine.
Wed Mar  4 04:53:33 CET 1998   #unix, ircnet
