From owner-freebsd-security  Fri Dec 18 07:45:55 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id HAA22162
          for freebsd-security-outgoing; Fri, 18 Dec 1998 07:45:55 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from phoenix (phoenix.aye.net [206.185.8.134])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id HAA22151
          for <freebsd-security@FreeBSD.ORG>; Fri, 18 Dec 1998 07:45:53 -0800 (PST)
          (envelope-from brich@aye.net)
Received: (qmail 15322 invoked by uid 7506); 18 Dec 1998 15:43:31 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 18 Dec 1998 15:43:31 -0000
Date: Fri, 18 Dec 1998 10:43:31 -0500 (EST)
From: Barrett Richardson <brich@aye.net>
To: Marco Molteni <molter@tin.it>
cc: freebsd-security@FreeBSD.ORG
Subject: Re: buffer overflows and chroot
In-Reply-To: <Pine.BSF.3.96.981218083729.459A-100000@nympha>
Message-ID: <Pine.BSF.3.96.981218103950.11375B-100000@phoenix.aye.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


Would you conisder recompiling suid system binaries with the stackguard
compiler? I have ben able to get it going on 2.2.x and have been
wanting some real-world acid tests to throw at it.

--

Barrett

On Fri, 18 Dec 1998, Marco Molteni wrote:

> Hi all,
> 
> I am administering 3 FreeBSD machines at a lab at my University (yes, they
> are the *first* FreeBSD machines in my university :-)
> 
> We are working on IPv6/IPsec with the nice KAME kit (hello Itojun).
> 
> Yesterday came a guy, working on a "automatic buffer overflow exploiting
> program". I had to give him an account on my beloved machines, since my
> professor told me so. The situation is: I trust enough this guy not to do
> evil things, but his target is to get root via buffer overflow. 
> 
> He needs a compiler and some suid executables to test his tool. My
> question is: can I restrict him in a sort of sandbox? If I build a chroot
> environment with the tools he needs (compiler and bins) I can give him
> some suid executables, where the owner isn't root. Is it right?
> 
> Marco (who started to sweat)
> --- 
> "Hi, I have a Compaq machine running Windows 95. How do I install FreeBSD?"
> "I'm sorry, this is device driver testing: brain implants are two doors
>  down on the right". (Bill Paul, on the freebsd-net mailing list)
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message