Date: Tue, 22 Dec 1998 20:05:49 +0100 (CET) From: "Marco Molteni" <molter@tin.it> To: Zach Heilig <zach@gaffaneys.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: A better explanation (was: buffer overflows and chroot) Message-ID: <Pine.BSF.3.96.981222195952.459B-100000@nympha> In-Reply-To: <19981222092831.A31250@znh.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 22 Dec 1998, Zach Heilig wrote: > There is no need to break out of the chroot environment after finding a > working attack. > > Assuming that "bob" is attacking what is normally an suid-root binary, > and assuming this "bob" has a regular account as well, any attack that > works against the suid-non-root user binary, also works against the > (otherwise identical) suid-root binary. My gosh, Zach. I'm not completely fool. Bob *hasn't* a regular (== not chrooted) account. Otherwise, why would I build the chroot environment? Marco (feeling unable to make himself understood) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.981222195952.459B-100000>