From: "Guido Stepken"
To: "Marco Molteni"
Subject: Re: buffer overflows and chroot
Date: Fri, 18 Dec 1998 09:56:47 +0100

This program is absolute nonsense. Buffer overflows can be everywhere in a
handshake of specific protocols (mail from: ...rcpt to: , smtp) and are found
in many gets puts routines in the library and every bloody program, which
makes use of such libs. Some programs are written without static arrays,
which could be overflowed (8-) Wietse's new mail program), but with dynamic
memory addressing. Those programs can not be overflowed by any trick, but it
can result in heavy swapping and finally in a DoS attack.

Kick him off! This guy is unserious as well as your professor!!!!!!

regards, Guido Stepken

-----Original Message-----
From: Marco Molteni
To: freebsd-security@FreeBSD.ORG
Date: Friday, 18 December 1998 10:19
Subject: buffer overflows and chroot

>Hi all,
>
>I am administering 3 FreeBSD machines at a lab at my University (yes, they
>are the *first* FreeBSD machines in my university :-)
>
>We are working on IPv6/IPsec with the nice KAME kit (hello Itojun).
>
>Yesterday came a guy, working on an "automatic buffer overflow exploiting
>program". I had to give him an account on my beloved machines, since my
>professor told me so. The situation is: I trust this guy enough not to do
>evil things, but his target is to get root via buffer overflow.
>
>He needs a compiler and some suid executables to test his tool. My
>question is: can I restrict him in a sort of sandbox? If I build a chroot
>environment with the tools he needs (compiler and bins) I can give him
>some suid executables, where the owner isn't root. Is it right?
>
>Marco (who started to sweat)
>---
>"Hi, I have a Compaq machine running Windows 95. How do I install FreeBSD?"
>"I'm sorry, this is device driver testing: brain implants are two doors
> down on the right". (Bill Paul, on the freebsd-net mailing list)
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
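
The reply above contrasts fixed arrays, which can be overflowed, with dynamic allocation, which trades the overflow for memory exhaustion. The following is an added example, not part of the thread and not code from any program mentioned in it: a line reader for SMTP-style commands that grows its buffer on demand but rejects lines longer than a cap. The names `read_line_capped` and `demo_len`, the status codes and the cap values are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

enum { LINE_EOF = -1, LINE_TOO_LONG = -2, LINE_NOMEM = -3 };

/* Read one line into a heap buffer that grows on demand but never holds more
 * than `cap` payload bytes. Returns the length (caller frees *out) or an error. */
long read_line_capped(FILE *in, size_t cap, char **out)
{
    size_t len = 0, size = 64;
    char *buf = malloc(size), *tmp;
    int c;

    *out = NULL;
    if (buf == NULL) return LINE_NOMEM;
    while ((c = fgetc(in)) != EOF && c != '\n') {
        if (len == cap) { free(buf); return LINE_TOO_LONG; }  /* stop growing */
        if (len + 1 == size) {             /* keep room for the terminator */
            if ((tmp = realloc(buf, size *= 2)) == NULL) { free(buf); return LINE_NOMEM; }
            buf = tmp;
        }
        buf[len++] = (char)c;
    }
    if (c == EOF && len == 0) { free(buf); return LINE_EOF; }
    if (len > 0 && buf[len - 1] == '\r') len--;   /* CRLF line ending */
    buf[len] = '\0';
    *out = buf;
    return (long)len;
}

/* Demo helper (constructed input): feed `input` through a temporary file. */
long demo_len(const char *input, size_t cap)
{
    char *line;
    FILE *f = tmpfile();
    if (f == NULL) return LINE_NOMEM;
    fputs(input, f);
    rewind(f);
    long n = read_line_capped(f, cap, &line);
    free(line);
    fclose(f);
    return n;
}

int main(void)
{
    printf("fits: %ld\n", demo_len("MAIL FROM:<a@example.org>\r\n", 512));
    printf("too long: %ld\n", demo_len("MAIL FROM:<a@example.org>\r\n", 16));
    return 0;
}
```

On `LINE_TOO_LONG` the rest of the line is still unread, so a caller would reject the command and either discard input up to the next newline or close the session.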