Date: Fri, 18 Dec 1998 12:13:49 -0700 (MST)
From: Brendan Conoboy <synk@swcp.com>
To: molter@tin.it
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: A better explanation (was: buffer overflows and chroot)
Message-ID: <199812181913.MAA07134@kitsune.swcp.com>

> So my idea/question is: if I build a chroot jail for Bob, fitted with all
> he needs (eg /bin, /usr/bin, /usr/local/bin, /usr/libexec, etc) and I
> replace all the suid root binaries with suid root2 binaries, where root2
> is a normal user, he can do his experiments, but he can't get root.
>
> Is my idea safe/right/doable?

Marco,

As long as the root2 user has no different permissions to /dev than the
user he starts out as, the idea is sound. On the other hand, some suid
programs may behave differently than they would otherwise. This would be
because (among other things) they wouldn't have the same kind of access
to /dev that they used to have. That might taint the research results.

-Brendan (synk@swcp.com)
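
One way to check both conditions from this exchange on a built jail tree, as an added example that is not part of the original message: it flags setuid files not owned by the replacement account and device nodes where that account's access differs from the starting user's. The names `Ident`, `classify` and `audit_jail`, the numeric ids and the path `/jail/bob` are hypothetical, and only classic owner/group/other mode bits are modelled (no ACLs).

```python
import os
import stat
from typing import NamedTuple

class Ident(NamedTuple):
    uid: int
    gids: frozenset  # all group ids the account belongs to

def access_bits(st, who):
    """rwx bits (0-7) the classic owner/group/other check grants `who`.
    Assumption: no ACLs or MAC policy, and `who` is not uid 0."""
    if who.uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in who.gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def classify(st, start_user, suid_owner):
    """Return a finding label for one lstat() result, or None if it is fine."""
    mode = st.st_mode
    if stat.S_ISREG(mode) and mode & stat.S_ISUID and st.st_uid != suid_owner.uid:
        return "suid-not-owned-by-replacement"
    if stat.S_ISCHR(mode) or stat.S_ISBLK(mode):
        if access_bits(st, start_user) != access_bits(st, suid_owner):
            return "device-access-differs"
    return None

def audit_jail(jail_root, start_user, suid_owner):
    """Walk the jail without following symlinks; return sorted (path, finding)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(jail_root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            label = classify(os.lstat(path), start_user, suid_owner)
            if label:
                findings.append((path, label))
    return sorted(findings)

if __name__ == "__main__":
    # Constructed ids: bob is the jailed user, root2 owns the setuid binaries.
    bob = Ident(1002, frozenset({1002}))
    root2 = Ident(1001, frozenset({1001}))
    for path, label in audit_jail("/jail/bob", bob, root2):  # hypothetical path
        print(label, path)
```

An empty result means no setuid file in the tree is owned by anyone other than the replacement account and no device node treats the two accounts differently.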