Date: Fri, 18 Dec 1998 13:21:03 -0400 (AST)
From: Michael Richards <026809r@acadiau.ca>
To: Marco Molteni <molter@tin.it>
Cc: Guido Stepken <stepken@fss.firmen-info.de>, freebsd-security@FreeBSD.ORG
Subject: Re: A better explanation (was: buffer overflows and chroot)
Message-ID: <Pine.GSO.4.05.9812181316260.13811-100000@dragon>
In-Reply-To: <Pine.BSF.3.96.981218131426.311A-100000@nympha>

Hi.

> So my idea/question is: if I build a chroot jail for Bob, fitted with all
> he needs (eg /bin, /usr/bin, /usr/local/bin, /usr/libexec, etc) and I
> replace all the suid root binaries with suid root2 binaries, where root2
> is a normal user, he can do his experiments, but he can't get root.

As I recall, there are a number of ways to escape from a chroot jail. I think you should be reasonably safe with the standard binaries installed. You might want to run at a higher securelevel.

If the point here is academic research into an automatic buffer overflow program, just give him 2 accounts and let him fiddle with exploiting from one userlevel to the other via a suid program.

Seeing suid programs core dumping can be an indication that something funky is going on, but if he gets the overflow right on the first try, of course it won't core dump :0

-Michael

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
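
The crash signal mentioned in the message above, as an added example that is not part of the original e-mail: a small scanner that picks set-uid programs dying on fault signals out of kernel log lines. It assumes the FreeBSD kernel's "pid N (cmd), uid N: exited on signal N" message shape; the log lines and the set-uid command inventory are constructed for illustration.

```python
import re
from collections import defaultdict

# Kernel message shape assumed: "pid N (cmd), uid N: exited on signal N (core dumped)"
CRASH_RE = re.compile(
    r"pid (?P<pid>\d+) \((?P<cmd>[^)]+)\), uid (?P<uid>\d+): "
    r"exited on signal (?P<sig>\d+)(?P<core> \(core dumped\))?"
)

# Signals typical of memory corruption, with their FreeBSD numbers.
FAULT_SIGNALS = {4: "SIGILL", 10: "SIGBUS", 11: "SIGSEGV"}

# Hypothetical inventory of set-uid command names; on a real host build it
# from something like `find / -perm -4000 -type f`.
SETUID_COMMANDS = {"lpr", "passwd", "su", "rlogin"}

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = """\
Dec 18 13:02:11 host /kernel: pid 4312 (lpr), uid 0: exited on signal 11 (core dumped)
Dec 18 13:02:40 host /kernel: pid 4319 (lpr), uid 0: exited on signal 11 (core dumped)
Dec 18 13:03:05 host /kernel: pid 4327 (lpr), uid 0: exited on signal 4 (core dumped)
Dec 18 13:10:52 host /kernel: pid 4410 (a.out), uid 1001: exited on signal 11 (core dumped)
Dec 18 13:15:00 host /kernel: pid 4502 (su), uid 0: exited on signal 15
Dec 18 13:20:31 host sendmail[210]: unrelated line
"""

def suid_crashes(log_text, setuid_commands=SETUID_COMMANDS):
    """Return {command: [(pid, signal_name, core_dumped), ...]} for set-uid
    commands that died on a fault signal."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = CRASH_RE.search(line)
        if not m:
            continue  # not a kernel "exited on signal" line
        sig = int(m.group("sig"))
        if m.group("cmd") in setuid_commands and sig in FAULT_SIGNALS:
            hits[m.group("cmd")].append(
                (int(m.group("pid")), FAULT_SIGNALS[sig], m.group("core") is not None)
            )
    return dict(hits)

def report(log_text):
    """One summary line per set-uid command, most crashes first."""
    hits = suid_crashes(log_text)
    return [f"{cmd}: {len(ev)} fault(s), pids {[p for p, _, _ in ev]}"
            for cmd, ev in sorted(hits.items(), key=lambda kv: -len(kv[1]))]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Repeated faults from one set-uid command in a short span are the pattern worth alerting on. An empty report shows only that nothing crashed, which is the limitation the message itself points out.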
