Date: Tue, 22 Dec 1998 09:28:31 -0600
From: Zach Heilig <zach@gaffaneys.com>
To: Harold Gutch <logix@foobar.franken.de>, Garance A Drosihn <drosih@rpi.edu>, Marco Molteni <molter@tin.it>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: A better explanation (was: buffer overflows and chroot)
Message-ID: <19981222092831.A31250@znh.org>
In-Reply-To: <19981221174222.A1588@foobar.franken.de>; from Harold Gutch on Mon, Dec 21, 1998 at 05:42:22PM +0100
References: <62537.913989002@zippy.cdrom.com> <Pine.BSF.3.96.981218193124.339A-100000@nympha> <v04011701b2a129cee810@[128.113.24.47]> <19981221174222.A1588@foobar.franken.de>

On Mon, Dec 21, 1998 at 05:42:22PM +0100, Harold Gutch wrote:
> > >From #2, Bob is running setuid binaries. Presumably he's running a
> Binaries suid to some _unprivileged_ user.
> That's the whole point Marco is trying to make here.
> "bob" will eventually manage to become some other user.
> So, in case "bob" manages to exploit some buffer overflow or
> whatever other bugs your suid binary has, he will only be able to
> become another _unprivileged_ user.
> Unless he can do further harm from this uid, you are safe.
> He will not be able to break out of the chroot-jail unless himself
> is root (at least I have no idea how you'd break out being a
> normal unprivileged user).

There is no need to break out of the chroot environment after finding a
working attack. Assuming that "bob" is attacking what is normally an
suid-root binary, and assuming this "bob" has a regular account as well,
any attack that works against the suid-non-root user binary also works
against the (otherwise identical) suid-root binary.

A non-privileged user does not buy anything, if there is any worry that
this "bob" wants to perform malicious acts as root.

-- 
Zach Heilig (zach@gaffaneys.com)
Our one strength was that our senior officers were more flexible than theirs...
How's that?
We can customize our colonels. [ Illiad in User Friendly, Dec. 1, 1998 ]