From: "Marco Molteni"
Date: Fri, 18 Dec 1998 19:57:07 +0100 (CET)
To: "Jordan K. Hubbard"
cc: freebsd-security@FreeBSD.ORG
Subject: Re: A better explanation (was: buffer overflows and chroot)

On Fri, 18 Dec 1998, Jordan K. Hubbard wrote:

> > In my situation I have a *legitimate* user, call him Bob, who actively
> > searches such buffer overflows. He does it for research, and he isn't
> > unserious as you state, I assure you.
>
> If he's searching for truly interesting exploits and he needs root
> privilege for this, then he must not be very serious about this. :-)

Jordan, obviously I agree with you, but I described something different.

Scenario:

1. Bob is a non-privileged user.
2. Bob actively searches for buffer overflows in suid binaries.
3. If Bob is able to do his job, sooner or later he'll get root.
4. I don't mind if Bob is a good guy or a bad guy, I don't want anybody
   to be root on my machines.
5. I want to put him in a chroot jail full of suid binaries, but suid not
   to root, to pseudoroot, where pseudoroot is a non-privileged user.
6. Bob can do all his experiments in his nice jail.
6. If Bob becomes pseudoroot, I am still safe, since:
   6.1 he is in a chroot jail
   6.2 in the jail there isn't any executable suid to a privileged user
       (root, bin, whatever).
   6.3 from 6.2, he can't escape from the jail

Is 6.3 correct?

> If someone wants to be root on a box, make him get his own to destroy.

I perfectly agree.

Marco
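A way to check condition 6.2 of the scenario above on a jail tree, as an added example that is not part of the original message. The function name `audit_jail` and the path `/jail` in the comments are hypothetical, and the list of users to treat as privileged is an assumption supplied by the caller.

```shell
#!/bin/sh
# Added example: audit a chroot tree for condition 6.2 of the message above.
# audit_jail JAIL USER...
#   Lists every setuid or setgid regular file under JAIL that is owned by
#   one of the given users (names or numeric uids, resolved on the host).
#   Returns 0 if none are found, 1 if any are found, 2 if the scan could
#   not be completed (bad arguments, unknown user, unreadable directory).
# Example call, with a hypothetical jail path: audit_jail /jail root bin
audit_jail() {
    [ "$#" -ge 2 ] || { echo "usage: audit_jail JAIL USER..." >&2; return 2; }
    jail=$1; shift
    [ -d "$jail" ] || { echo "audit_jail: $jail: not a directory" >&2; return 2; }

    # Build "-user A -o -user B ..." for find from the remaining arguments.
    owners=""
    for u in "$@"; do
        owners="${owners:+$owners -o }-user $u"
    done

    # -perm -4000 matches setuid, -perm -2000 matches setgid.
    # -xdev keeps find on the jail's own filesystem.
    # $owners is deliberately unquoted so it splits into find arguments.
    # A failed find means an incomplete scan, which must not read as clean.
    found=$(find "$jail" -xdev -type f \
        \( -perm -4000 -o -perm -2000 \) \( $owners \) -print) || {
        echo "audit_jail: find failed, result incomplete" >&2
        return 2
    }

    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# Run directly: sh audit_jail.sh JAIL USER...
if [ "$#" -gt 0 ]; then
    audit_jail "$@"
fi
```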