Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 18 Dec 1998 10:43:31 -0500 (EST)
From:      Barrett Richardson <brich@aye.net>
To:        Marco Molteni <molter@tin.it>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: buffer overflows and chroot
Message-ID:  <Pine.BSF.3.96.981218103950.11375B-100000@phoenix.aye.net>
In-Reply-To: <Pine.BSF.3.96.981218083729.459A-100000@nympha>
next in thread | previous in thread | raw e-mail | index | archive | help 

Would you conisder recompiling suid system binaries with the stackguard
compiler? I have ben able to get it going on 2.2.x and have been
wanting some real-world acid tests to throw at it.

--

Barrett

On Fri, 18 Dec 1998, Marco Molteni wrote:

> Hi all,
> 
> I am administering 3 FreeBSD machines at a lab at my University (yes, they
> are the *first* FreeBSD machines in my university :-)
> 
> We are working on IPv6/IPsec with the nice KAME kit (hello Itojun).
> 
> Yesterday came a guy, working on a "automatic buffer overflow exploiting
> program". I had to give him an account on my beloved machines, since my
> professor told me so. The situation is: I trust enough this guy not to do
> evil things, but his target is to get root via buffer overflow. 
> 
> He needs a compiler and some suid executables to test his tool. My
> question is: can I restrict him in a sort of sandbox? If I build a chroot
> environment with the tools he needs (compiler and bins) I can give him
> some suid executables, where the owner isn't root. Is it right?
> 
> Marco (who started to sweat)
> --- 
> "Hi, I have a Compaq machine running Windows 95. How do I install FreeBSD?"
> "I'm sorry, this is device driver testing: brain implants are two doors
>  down on the right". (Bill Paul, on the freebsd-net mailing list)
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.981218103950.11375B-100000>