From: Andreas Scholz (sc_at_optomed.de)
Date: Wed 14 Jan 2004 - 14:03:07 GMT
thank you for this fast answer!
>> Today i installed minimal SuSE 9, and patched a vanilla
>> kernel 2.4.23 with vserver and acl patch.
>hmm, may I ask why 2.4.23 and vs1.22 when there
>is 2.4.24 and vs1.23? some kind of nostalgia?
;-) - i just followed http://acl.bestbits.at/, and they provide
patches for <2.4.23, for me this seems to be No.1 acl-resource,
so i took their patch.
please let me know if i missed something (a newer acl-patch version?)
>reasons for not using 2.4.23 + vs1.22
>- mremap() syscall can gain priviledges
>- /dev/rtc leak parts of kernel memory
>- /procfs vulnerability
>replacing IS_IMMUTABLE either with IS_IMMUTABLE_FILE
>or IS_IMMUTABLE_LINK, depending on the context
>should solve this ...
that means i have to decide in advance wether to use vunify
or not ? ok, i think i'll test this
>PS: volunteering to check the ACL stuff? if so
>just let me know ...
mmh, according to my poor knowledge, all i can do is test some
thx so far - Andreas
Vserver mailing list