Date: Fri, 18 Dec 1998 09:56:47 +0100
From: "Guido Stepken" <stepken@fss.firmen-info.de>
To: "Marco Molteni" <molter@tin.it>, <freebsd-security@FreeBSD.ORG>
Subject: Re: buffer overflows and chroot
Message-ID: <002501be2a64$5a4dd8e0$9125b43e@beatix.intra.net>

This program is absolute nonsense. Buffer overflows can be everywhere in a
handshake of specific protocols (mail from: ... rcpt to:, smtp) and are found
in many gets puts routines in the library and every bloody program which
makes use of such libs. Some programs are written without static arrays,
which could be overflowed (8-) Wietse's new mail program), but with dynamic
memory addressing. Those programs cannot be overflowed by any trick, but it
can result in heavy swapping and finally in a DoS attack.

Kick him off! This guy is unserious as well as your professor!!!!!!

regards, Guido Stepken

-----Original Message-----
From: Marco Molteni <molter@tin.it>
To: freebsd-security@FreeBSD.ORG <freebsd-security@FreeBSD.ORG>
Date: Friday, 18 December 1998 10:19
Subject: buffer overflows and chroot

>Hi all,
>
>I am administering 3 FreeBSD machines at a lab at my University (yes, they
>are the *first* FreeBSD machines in my university :-)
>
>We are working on IPv6/IPsec with the nice KAME kit (hello Itojun).
>
>Yesterday came a guy, working on an "automatic buffer overflow exploiting
>program". I had to give him an account on my beloved machines, since my
>professor told me so. The situation is: I trust enough this guy not to do
>evil things, but his target is to get root via buffer overflow.
>
>He needs a compiler and some suid executables to test his tool. My
>question is: can I restrict him in a sort of sandbox? If I build a chroot
>environment with the tools he needs (compiler and bins) I can give him
>some suid executables, where the owner isn't root. Is it right?
>
>Marco (who started to sweat)
>---
>"Hi, I have a Compaq machine running Windows 95. How do I install FreeBSD?"
>"I'm sorry, this is device driver testing: brain implants are two doors
> down on the right".
> (Bill Paul, on the freebsd-net mailing list)
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
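
The reply above contrasts fixed-size arrays that can be overflowed with dynamically allocated buffers that shift the risk to memory exhaustion. As an added example (not code from the thread or from any mailer mentioned in it), here is a C line reader for SMTP-style commands that grows its buffer on demand but enforces a length cap, so it neither overflows nor allocates without bound. The function name, the 64-byte starting size, the 32-byte demo cap and the sample input are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { LINE_OK = 0, LINE_TOO_LONG = 1, LINE_EOF = -1, LINE_NOMEM = -2 };

/* Copy one LF-terminated line from in[*pos..in_len) into a heap buffer that
 * grows on demand but stores at most max_len bytes. An over-long line is
 * consumed up to its newline and rejected. Caller frees *out on LINE_OK. */
int read_line_capped(const char *in, size_t in_len, size_t *pos,
                     char **out, size_t max_len)
{
    size_t cap = 64, len = 0;   /* 64 is an assumed starting size */
    int too_long = 0;
    char *buf;

    *out = NULL;
    if (*pos >= in_len) return LINE_EOF;
    if ((buf = malloc(cap)) == NULL) return LINE_NOMEM;
    while (*pos < in_len) {
        char c = in[(*pos)++];
        if (c == '\n') break;
        if (too_long) continue;            /* discard rest of oversized line */
        if (len == max_len) { too_long = 1; continue; }
        if (len + 1 >= cap) {              /* keep room for the NUL */
            char *nbuf = realloc(buf, cap * 2);
            if (nbuf == NULL) { free(buf); return LINE_NOMEM; }
            buf = nbuf; cap *= 2;
        }
        buf[len++] = c;
    }
    if (too_long) { free(buf); return LINE_TOO_LONG; }
    if (len > 0 && buf[len - 1] == '\r') len--;   /* strip CR of CRLF */
    buf[len] = '\0';
    *out = buf;
    return LINE_OK;
}

int main(void)
{
    /* Constructed SMTP input: the second command exceeds the 32-byte cap. */
    const char *s = "MAIL FROM:<a@example.org>\r\n"
        "RCPT TO:<AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>\r\nQUIT\r\n";
    size_t pos = 0; char *line; int rc;
    while ((rc = read_line_capped(s, strlen(s), &pos, &line, 32)) >= 0) {
        if (rc == LINE_OK) { printf("ok: %s\n", line); free(line); }
        else printf("rejected: line longer than cap\n");
    }
    return 0;
}
```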