Date:      Fri, 18 Dec 1998 20:08:32 +0100 (CET)
From:      "Marco Molteni" <molter@tin.it>
To:        Michael Richards <026809r@acadiau.ca>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: A better explanation (was: buffer overflows and chroot)
Message-ID:  <Pine.BSF.3.96.981218200224.339C-100000@nympha>
In-Reply-To: <Pine.GSO.4.05.9812181316260.13811-100000@dragon>


On Fri, 18 Dec 1998, Michael Richards wrote:

> > So my idea/question is: if I build a chroot jail for Bob, fitted with
> > all he needs (eg /bin, /usr/bin, /usr/local/bin, /usr/libexec, etc)
> > and I replace all the suid root binaries with suid root2 binaries,
> > where root2 is a normal user, he can do his experiments, but he can't
> > get root.
>
> If the point here is academic research into an automatic buffer overflow
> program,

Exactly. If I could, I'd give him a box to crash, but I can't.

> just give him 2 accounts and let him fiddle with exploiting from one
> userlevel to the other via a suid program.
  ^^^^^^^^^

I think you mean "from one uid to the other". I agree, and this is what I
first thought. But my idea of the jail comes from the fact that I can't
prevent him from trying overflows on other suid executables, e.g. suid root ones.

Marco


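A check for the setup discussed in this message, added here as an example and not part of the original e-mail: it walks a jail tree and separates setuid files owned by the sandbox account (root2 in the thread) from setuid files owned by anyone else, root included. The function names, the constructed demo tree and the uids passed in are assumptions for illustration.

```python
import os
import stat
import tempfile


def audit_jail(jail_root, sandbox_uid, forbidden_uid=0):
    """Classify setuid regular files under jail_root.

    Returns (violations, sandboxed): violations are setuid files owned by
    forbidden_uid or by any uid other than sandbox_uid; sandboxed are the
    setuid files owned by the unprivileged stand-in account.
    """
    violations, sandboxed = [], []
    for dirpath, _dirs, files in os.walk(jail_root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: a symlink is reported as a link, not its target
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_ISUID:
                continue
            rel = os.path.relpath(path, jail_root)
            if st.st_uid == sandbox_uid and st.st_uid != forbidden_uid:
                sandboxed.append(rel)
            else:
                violations.append((rel, st.st_uid))
    return sorted(violations), sorted(sandboxed)


def build_demo_jail():
    """Constructed sample tree: one setuid file, one plain file, one symlink."""
    root = tempfile.mkdtemp(prefix="jail-demo-")
    os.makedirs(os.path.join(root, "usr", "bin"))
    for rel, mode in (("usr/bin/passwd", 0o4755), ("usr/bin/ls", 0o755)):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)
    os.symlink("/bin/sh", os.path.join(root, "usr", "bin", "sh"))
    return root


if __name__ == "__main__":
    jail = build_demo_jail()
    me = os.getuid()
    # Demo files are owned by the current user, so that uid plays root2 here.
    print(audit_jail(jail, sandbox_uid=me, forbidden_uid=me + 1))
    # Treating the same uid as the privileged one turns the file into a violation.
    print(audit_jail(jail, sandbox_uid=me + 1, forbidden_uid=me))
```

On a real jail, pass the uid of the root2 account as `sandbox_uid` and leave `forbidden_uid` at 0; an empty violations list means no setuid file in the tree is owned by root or by any account other than root2.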


