Date:      Mon, 21 Dec 1998 17:42:22 +0100
From:      Harold Gutch <logix@foobar.franken.de>
To:        Garance A Drosihn <drosih@rpi.edu>, Marco Molteni <molter@tin.it>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: A better explanation (was: buffer overflows and chroot)
Message-ID:  <19981221174222.A1588@foobar.franken.de>
In-Reply-To: <v04011701b2a129cee810@[128.113.24.47]>; from Garance A Drosihn on Sat, Dec 19, 1998 at 05:22:57AM -0500
References:  <62537.913989002@zippy.cdrom.com> <Pine.BSF.3.96.981218193124.339A-100000@nympha> <v04011701b2a129cee810@[128.113.24.47]>

On Sat, Dec 19, 1998 at 05:22:57AM -0500, Garance A Drosihn wrote:
> At 7:57 PM +0100 12/18/98, Marco Molteni wrote:
> >Scenario:
> >
> > 1.  Bob is a non privileged user.
> > 2.  Bob actively searches for buffer overflows in suid binaries.
> > 3.  if Bob is able to do his job, sooner or later he'll get root.
> > 4.  I don't mind if Bob is a good guy or a bad guy, I don't want
> >     anybody to be root on my machines.
> > 5.  I want to put him in a chroot jail full of suid binaries, but
> >     suid not to root, to pseudoroot, where pseudoroot is a
> >     non privileged user.
> > 6.  Bob can do all his experiments in his nice jail.
> > 6.  if Bob becomes pseudoroot, I am still safe, since:
> > 6.1 he is in a chroot jail
> > 6.2 in the jail there isn't any executable suid to a privileged
> >     user (root, bin, whatever).
> > 6.3 from 6.2, he can't escape from the jail
> >
> > is 6.3 correct?
> 
> From #2, Bob is running setuid binaries.  Presumably he's running a

Binaries suid to some _unprivileged_ user.
That's the whole point Marco is trying to make here.
"bob" will eventually manage to become some other user.

So, in case "bob" manages to exploit some buffer overflow or
whatever other bugs your suid binary has, he will only be able to
become another _unprivileged_ user.
Unless he can do further harm from this uid, you are safe.
He will not be able to break out of the chroot-jail unless he himself
is root (at least I have no idea how you'd break out being a
normal unprivileged user).

-- 
bye, logix

<Shabby> Sleep is an abstinence syndrome which occurs due to lack of caffeine.
Wed Mar  4 04:53:33 CET 1998   #unix, ircnet
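
Condition 6.2 of the quoted scenario (no executable in the jail is suid to a privileged user) can be checked mechanically. The following is an added example, not part of the original message; the function names, the constructed sample tree and the set of uids treated as privileged are assumptions.

```python
import os
import stat
import tempfile


def audit_jail(root, privileged_uids=frozenset({0})):
    """Return sorted paths (relative to root) of setuid files owned by a privileged uid."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow a symlink out of the jail
            if not stat.S_ISREG(st.st_mode):
                continue  # only regular files can be executed setuid
            if st.st_mode & stat.S_ISUID and st.st_uid in privileged_uids:
                findings.append(os.path.relpath(path, root))
    return sorted(findings)


def build_sample_jail():
    """Constructed sample tree: one setuid file and one plain file, owned by the caller."""
    root = tempfile.mkdtemp(prefix="jail-")
    os.mkdir(os.path.join(root, "bin"))
    for name, mode in (("ping", 0o4755), ("ls", 0o755)):
        path = os.path.join(root, "bin", name)
        with open(path, "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(path, mode)  # explicit chmod so the umask does not matter
    return root


if __name__ == "__main__":
    jail = build_sample_jail()
    me = os.getuid()
    # The caller's uid plays "pseudoroot": suid to it does not violate 6.2.
    print("owner unprivileged:", audit_jail(jail, {me + 1}))
    # Same tree, but the owner now counts as privileged: the file is reported.
    print("owner privileged:  ", audit_jail(jail, {me}))
```

On a real jail, pass the jail root and the uids you consider privileged (root, bin and so on); an empty result means 6.2 holds for setuid files.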
