From owner-freebsd-security  Thu Feb 22 13:47: 7 2001
Delivered-To: freebsd-security@freebsd.org
Received: from obsecurity.dyndns.org (adsl-64-165-226-53.dsl.lsan03.pacbell.net [64.165.226.53])
	by hub.freebsd.org (Postfix) with ESMTP id 43DCD37B401
	for <freebsd-security@FreeBSD.ORG>; Thu, 22 Feb 2001 13:47:04 -0800 (PST)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id C483866C34; Thu, 22 Feb 2001 13:47:03 -0800 (PST)
Date: Thu, 22 Feb 2001 13:47:03 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Marc Rassbach <marc@milestonerdl.com>
Cc: Michael Richards <michael@fastmail.ca>,
	Cy.Schubert@uumail.gov.bc.ca, freebsd-security@FreeBSD.ORG
Subject: Re: Bind problems
Message-ID: <20010222134703.A7745@mollari.cthul.hu>
References: <3A9578A6.000055.93744@frodo.searchcanada.ca> <Pine.BSF.4.21.0102221521280.11103-100000@tandem.milestonerdl.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="ikeVEW9yuYc//A+q"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.BSF.4.21.0102221521280.11103-100000@tandem.milestonerdl.com>; from marc@milestonerdl.com on Thu, Feb 22, 2001 at 03:22:55PM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


--ikeVEW9yuYc//A+q
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Thu, Feb 22, 2001 at 03:22:55PM -0600, Marc Rassbach wrote:
> Or, you may have been running -u bind -g bind and that works to keep the
> lid on things.  (Unless the security team knows that -u -g on bind 8
> doesn't help.)

Well, it doesn't really help, because it still gives the attacker an
account on your system, which they can use to bootstrap to root if you
have an unpatched local root hole.

Even running in a chroot or jail only goes so far, because they can
still run arbitrary code on the system as that user and use it to
e.g. launch DDoS attacks, run an rc5des client, you name it :)

Kris

--ikeVEW9yuYc//A+q
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6lYjXWry0BWjoQKURAl3mAJ0Z+kDhZNl/nu3OMDFEf+bFtEEliQCgp+6J
y5/7S+BOOmDlPayKS9jFDeQ=
=mOAv
-----END PGP SIGNATURE-----

--ikeVEW9yuYc//A+q--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message