Date: Fri, 18 Dec 1998 13:56:33 +0100 (CET)
From: "Marco Molteni" <molter@tin.it>
To: Guido Stepken <stepken@fss.firmen-info.de>
Cc: freebsd-security@FreeBSD.ORG
Subject: A better explanation (was: buffer overflows and chroot)
Message-ID: <Pine.BSF.3.96.981218131426.311A-100000@nympha>
In-Reply-To: <002501be2a64$5a4dd8e0$9125b43e@beatix.intra.net>
On Fri, 18 Dec 1998, Guido Stepken wrote:

> This program is absolute nonsense. buffer overflows can be everywhere in
> a handshake of specific protocols (mail from: ...rcpt to: , smtp) and
> are found in many gets puts routines in the library and every bloody
> program, which makes use of such libs. Some programs are written without
> static arrays, which could be overflowed (8-) Wietse's new mail program),
> but with dynamic memory addressing. Those programs can not be overflowed
> by any trick, but it can result in heavy swapping and finally in a DoS
> attack. Kick him off! This guy is unserious as well as your professor
> !!!!!!

Guido,

maybe I didn't explain the situation well, so I'll retry, ok?

I know what a buffer overflow is. I know that some buffer overflows can be
exploited to execute another program (e.g. a shell), and that, if the program
exploited is suid, you get a shell with the effective uid of the owner of
the file, as is obvious.

--> Automatic or not automatic (I don't mind how much automation there is in
all this affair) <--, there are many ways to find and try to exploit a
buffer overflow, right?

Ok. In my situation I have a *legitimate* user, call him Bob, who actively
searches for such buffer overflows. He does it for research, and he isn't
unserious as you state, I assure you.

Anyway, I don't like the idea of anybody other than me being root on my
machines.

So my idea/question is: if I build a chroot jail for Bob, fitted with all he
needs (e.g. /bin, /usr/bin, /usr/local/bin, /usr/libexec, etc.) and I replace
all the suid root binaries with suid root2 binaries, where root2 is a normal
user, he can do his experiments, but he can't get root.

Is my idea safe/right/doable?

Marco
---
"Hi, I have a Compaq machine running Windows 95. How do I install FreeBSD?"
"I'm sorry, this is device driver testing: brain implants are two doors down
on the right".
(Bill Paul, on the freebsd-net mailing list)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
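
The setup proposed in the message depends on no setuid binary inside the jail still being owned by root. The following is an added example, not part of the original message: one way to check a jail tree for leftovers. The function names `audit_jail` and `jail_is_clean` are hypothetical, and the jail path is whatever the administrator chose.

```shell
#!/bin/sh
# Added example: audit a chroot tree for setuid files owned by a given uid.
# audit_jail and jail_is_clean are hypothetical helper names.

# Print every regular file under jail_root that has the setuid bit set
# and is owned by owner_uid (default 0, i.e. root).
audit_jail() {
    jail_root=$1
    owner_uid=${2:-0}
    if [ ! -d "$jail_root" ]; then
        echo "audit_jail: $jail_root is not a directory" >&2
        return 2
    fi
    # -xdev keeps find on the jail's own filesystem;
    # -perm -4000 matches any mode that includes the setuid bit.
    find "$jail_root" -xdev -type f -user "$owner_uid" -perm -4000 -print
}

# Succeed only when the audit finds nothing; return 2 if the audit failed.
jail_is_clean() {
    hits=$(audit_jail "$1" "${2:-0}") || return 2
    [ -z "$hits" ]
}
```

Run `audit_jail /path/to/jail` after every change to the jail's contents; any path it prints is a setuid binary that was not re-owned to the unprivileged account.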