Date: Fri, 18 Dec 1998 08:51:38 +0100 (CET) From: "Marco Molteni" <molter@tin.it> To: freebsd-security@FreeBSD.ORG Subject: buffer overflows and chroot Message-ID: <Pine.BSF.3.96.981218083729.459A-100000@nympha>
next in thread | raw e-mail | index | archive | help
Hi all, I am administering 3 FreeBSD machines at a lab at my University (yes, they are the *first* FreeBSD machines in my university :-) We are working on IPv6/IPsec with the nice KAME kit (hello Itojun). Yesterday came a guy, working on a "automatic buffer overflow exploiting program". I had to give him an account on my beloved machines, since my professor told me so. The situation is: I trust enough this guy not to do evil things, but his target is to get root via buffer overflow. He needs a compiler and some suid executables to test his tool. My question is: can I restrict him in a sort of sandbox? If I build a chroot environment with the tools he needs (compiler and bins) I can give him some suid executables, where the owner isn't root. Is it right? Marco (who started to sweat) --- "Hi, I have a Compaq machine running Windows 95. How do I install FreeBSD?" "I'm sorry, this is device driver testing: brain implants are two doors down on the right". (Bill Paul, on the freebsd-net mailing list) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.981218083729.459A-100000>