Date: Fri, 18 Dec 1998 19:57:07 +0100 (CET)
From: "Marco Molteni" <molter@tin.it>
To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: A better explanation (was: buffer overflows and chroot)
Message-ID: <Pine.BSF.3.96.981218193124.339A-100000@nympha>
In-Reply-To: <62537.913989002@zippy.cdrom.com>

On Fri, 18 Dec 1998, Jordan K. Hubbard wrote:
> > In my situation I have a *legitimate* user, call him Bob, who actively
> > searches such buffer overflows. He does it for research, and he isn't
> > unserious as you state, I assure you.
>
> If he's searching for truly interesting exploits and he needs root
> privilege for this, then he must not be very serious about this. :-)

Jordan,
obviously I agree with you, but I described something different.
Scenario:
1. Bob is a non-privileged user.
2. Bob actively searches for buffer overflows in suid binaries.
3. If Bob is able to do his job, sooner or later he'll get root.
4. I don't mind if Bob is a good guy or a bad guy, I don't want anybody
   to be root on my machines.
5. I want to put him in a chroot jail full of suid binaries, but suid
   not to root, to pseudoroot, where pseudoroot is a non-privileged user.
6. Bob can do all his experiments in his nice jail.
6. If Bob becomes pseudoroot, I am still safe, since:
   6.1 he is in a chroot jail
   6.2 in the jail there isn't any executable suid to a privileged user (root,
       bin, whatever).
   6.3 from 6.2, he can't escape from the jail

Is 6.3 correct?

> If someone wants to be root on a box, make him get his own to destroy.
I perfectly agree.
Marco
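
The property stated in point 6.2 can be checked mechanically. The following is an added example, not part of the original message: a shell function that lists every set-uid or set-gid file in a jail tree that belongs to anyone other than the unprivileged jail account. The function names, the argument order and the jail path are assumptions; `pseudoroot` is the account name used in the message.

```shell
#!/bin/sh
# Added example: audit a chroot jail for the property in point 6.2.
# Reports set-uid files not owned by the jail's unprivileged user and
# set-gid files whose group is not the jail's unprivileged group.

audit_jail() {
    jail=$1     # root directory of the jail (assumed path, e.g. /jail/bob)
    owner=$2    # user name or numeric uid allowed to own set-uid files
    group=$3    # group name or numeric gid allowed on set-gid files

    [ -d "$jail" ] || {
        echo "audit_jail: $jail is not a directory" >&2
        return 2
    }

    # -xdev keeps the walk on the jail's own file system.
    # -perm -4000 matches the set-uid bit, -perm -2000 the set-gid bit.
    find "$jail" -xdev -type f \( \
            \( -perm -4000 ! -user "$owner" \) -o \
            \( -perm -2000 ! -group "$group" \) \
        \) -print
}

# Returns 0 when no offending file exists, 1 when at least one does,
# 2 when the tree could not be walked completely.
jail_is_clean() {
    offenders=$(audit_jail "$@") || return 2
    [ -z "$offenders" ]
}

# Usage (hypothetical jail path):
#   jail_is_clean /jail/bob pseudoroot pseudoroot || audit_jail /jail/bob pseudoroot pseudoroot
```

The function verifies only the file-ownership condition in 6.2; it says nothing about whether 6.3 follows from it.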
