From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Wed 14 Jan 2004 - 15:00:57 GMT
On Wed, Jan 14, 2004 at 03:03:07PM +0100, Andreas Scholz wrote:
> thank you for this fast answer!
> >> Today i installed minimal SuSE 9, and patched a vanilla
> >> kernel 2.4.23 with vserver and acl patch.
> >hmm, may I ask why 2.4.23 and vs1.22 when there
> >is 2.4.24 and vs1.23? some kind of nostalgia?
> ;-) - i just followed http://acl.bestbits.at/, and they provide
> patches for <2.4.23, for me this seems to be No.1 acl-resource,
> so i took their patch.
well, 2.4.24 - security fixes == 2.4.23 so the
acl patches will probably apply to 2.4.24 too
(maybe they didn't even bother to release a new
version just because they apply cleanly)
> please let me know if i missed something (a newer acl-patch version?)
> >reasons for not using 2.4.23 + vs1.22
> >- mremap() syscall can gain privileges
> >- /dev/rtc leaks parts of kernel memory
> >- /procfs vulnerability
> >replacing IS_IMMUTABLE either with IS_IMMUTABLE_FILE
> >or IS_IMMUTABLE_LINK, depending on the context
> >should solve this ...
> that means i have to decide in advance whether to use vunify
> or not? ok, i think i'll test this
> >PS: volunteering to check the ACL stuff? if so
> >just let me know ...
> mmh, according to my poor knowledge, all i can do is test some
> pre-versions tomorrow...
hmm, what I meant was: if you volunteer to do
some testing, I can 'adapt' the vserver stuff
to the acl patches ;)
> thx so far - Andreas
> Vserver mailing list