From owner-freebsd-security  Tue Dec 22 21:08:53 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id VAA26098
          for freebsd-security-outgoing; Tue, 22 Dec 1998 21:08:53 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from foobar.franken.de (foobar.franken.de [194.94.249.81])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA26093
          for <freebsd-security@FreeBSD.ORG>; Tue, 22 Dec 1998 21:08:50 -0800 (PST)
          (envelope-from logix@foobar.franken.de)
Received: (from logix@localhost)
	by foobar.franken.de (8.8.8/8.8.5) id GAA05696;
	Wed, 23 Dec 1998 06:08:10 +0100 (CET)
Message-ID: <19981223060810.A5560@foobar.franken.de>
Date: Wed, 23 Dec 1998 06:08:10 +0100
From: Harold Gutch <logix@foobar.franken.de>
To: Zach Heilig <zach@gaffaneys.com>, Garance A Drosihn <drosih@rpi.edu>,
        Marco Molteni <molter@tin.it>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: A better explanation (was: buffer overflows and chroot)
References: <62537.913989002@zippy.cdrom.com> <Pine.BSF.3.96.981218193124.339A-100000@nympha> <v04011701b2a129cee810@[128.113.24.47]> <19981221174222.A1588@foobar.franken.de> <19981222092831.A31250@znh.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <19981222092831.A31250@znh.org>; from Zach Heilig on Tue, Dec 22, 1998 at 09:28:31AM -0600
X-Organisation: BatmanSystemDistribution
X-Mission: To free the world from the Penguin
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Dec 22, 1998 at 09:28:31AM -0600, Zach Heilig wrote:
> > Binaries suid to some _unprivileged_ user.
> 
> Assuming that "bob" is attacking what is normally an suid-root binary, and
> assuming this "bob" has a regular account as well, any attack that works
> against the suid-non-root user binary, also works against the (otherwise
> identical) suid-root binary.
> 
True, so "bob" still can prove that there are buffer overflows or
whatever in the binary that can be exploited.
But is this a problem ? All that Marco wants is that "bob" won't
be able to gain root-privileges, if "bob" is able to show Marco
that the binary is exploitable and that he can is able to get the
rights of the user it is suid to, this is fine, Marco doesn't
have a problem with this.

> A non-priviledged user does not buy anything, if there is any worry that this
> "bob" wants perform malicious acts as root.
> 
Of course it does, basically you're saying "a suid bit gives you
root rights, no matter who owns the file".

-- 
bye, logix

<Shabby> Sleep is an abstinence syndrome wich occurs due to lack of caffein.
Wed Mar  4 04:53:33 CET 1998   #unix, ircnet

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message