Date: Fri, 18 Dec 1998 05:50:02 -0800
From: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
To: "Marco Molteni" <molter@tin.it>
Cc: Guido Stepken <stepken@fss.firmen-info.de>, freebsd-security@FreeBSD.ORG
Subject: Re: A better explanation (was: buffer overflows and chroot)
Message-ID: <62537.913989002@zippy.cdrom.com>
In-Reply-To: Your message of "Fri, 18 Dec 1998 13:56:33 +0100." <Pine.BSF.3.96.981218131426.311A-100000@nympha>

> In my situation I have a *legitimate* user, call him Bob, who actively
> searches such buffer overflows. He does it for research, and he isn't
> unserious as you state, I assure you.

If he's searching for truly interesting exploits and he needs root
privilege for this, then he must not be very serious about this. :-)
It seems a truly dedicated attacker would want to show how things
could be exploited *as an ordinary user* in making the case for a
serious defense against buffer overflow and other similar types of
exploits. Doing it as root is a little like proving you can "break"
into a house when you have a full set of keys to all the doors. :-)

> So my idea/question is: if I build a chroot jail for Bob, fitted with all
> he needs (eg /bin, /usr/bin, /usr/local/bin, /usr/libexec, etc) and I
> replace all the suid root binaries with suid root2 binaries, where root2
> is a normal user, he can do his experiments, but he can't get root.

No chroot jail is really safe in the hands of someone with root
access; he can always use raw device access to get at things outside
the jail (or even destroy them inadvertently during exploit testing).
If someone wants to be root on a box, make him get his own to destroy.
This is nothing that any computer facilities support department would
generally allow, I can say that much, and if I asked for root access
as "Bob" in just about any situation I can think of, the owners of the
box in question would laugh wildly for about 5 minutes and then tell
me to go jump myself. If I want that kind of access, I have to assume
that it's going to have to be my own box.

- Jordan
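
An added example, not part of the original message: a Python audit of the precondition in the quoted proposal (no set-user-ID binaries owned by root inside the jail) that also reports device nodes already present in the tree. The name `audit_jail`, the sample tree and its file names are constructed for illustration; as the reply says, a clean report does not make a jail safe for someone who holds root.

```python
import os
import stat
import tempfile


def audit_jail(jail_root, privileged_uids=(0,)):
    """Walk a chroot tree and return sorted (kind, path, owner_uid) findings.

    kind is 'setuid' for a set-user-ID regular file, 'setuid-privileged' when
    its owner is in privileged_uids, and 'device' for a block/char device node.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(jail_root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks out of the jail
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            mode = st.st_mode
            if stat.S_ISCHR(mode) or stat.S_ISBLK(mode):
                findings.append(("device", path, st.st_uid))
            elif stat.S_ISREG(mode) and mode & stat.S_ISUID:
                privileged = st.st_uid in privileged_uids
                kind = "setuid-privileged" if privileged else "setuid"
                findings.append((kind, path, st.st_uid))
    return sorted(findings)


def build_sample_jail():
    """Constructed sample tree: one set-user-ID file and one ordinary file."""
    root = tempfile.mkdtemp(prefix="jail-")
    os.makedirs(os.path.join(root, "usr", "bin"))
    for name, mode in (("passwd", 0o4755), ("ls", 0o755)):
        path = os.path.join(root, "usr", "bin", name)
        with open(path, "wb") as fh:
            fh.write(b"\x7fELF")  # placeholder bytes, not a real binary
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    jail = build_sample_jail()
    for kind, path, uid in audit_jail(jail):
        print(f"{kind:18} uid={uid:<6} {path}")
```
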