From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Fri 06 Feb 2004 - 21:33:14 GMT

Hello Folks!

because the last security fix for the chmod()/chroot()
issue was a little too fast, and a little too secure
for some distros (Debian was mentioned), this release
restricts the security to the 'important' parts, the
vserver directory.

this is done in the following way:

the chroot() 000 barrier is unaffected and unchanged,
but in addition to that, a barrier with IUNLINK set
can not be changed (chmod()), so the exploit isn't
possible on such a secured system.

What do you have to do after applying that patch?

    chmod 000 /vservers
    chattr +t -d /vservers

all-in-one and broken out patches for 2.4.24 as well
as incremental patches are available at
http://www.13thfloor.at/vserver/s_release/

a temporary fix for the chmod()/chroot() exploit is
to make the vserver directory immutable, but that
will affect vserver creation and destruction in
various ways, so an upgrade is advised.

best,
Herbert

_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
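
An added example, not part of the original message or of the vserver patches: a small audit script that reports whether the two steps from the announcement are in place on a vserver directory. It assumes GNU stat and e2fsprogs lsattr, and that lsattr shows the flag set by `chattr +t` as the letter "t"; the function names and state names are made up for this sketch.

```shell
#!/bin/sh
# Added example: audit the barrier described in the announcement.
# Assumption: lsattr prints "t" for the flag set by `chattr +t` and "i" for
# the immutable flag used by the temporary fix.

# classify_barrier MODE FLAGS
#   MODE  : permission bits as printed by `stat -c %a` (000 prints as "0")
#   FLAGS : attribute column of `lsattr -d`
classify_barrier() {
    mode=$1
    flags=$2
    case $mode in
        ''|*[!0]*) mode_ok=no ;;   # empty or any non-zero digit: not 000
        *)         mode_ok=yes ;;
    esac
    case $flags in *t*) has_t=yes ;; *) has_t=no ;; esac
    case $flags in *i*) has_i=yes ;; *) has_i=no ;; esac

    if [ "$mode_ok" = yes ] && [ "$has_t" = yes ]; then
        printf '%s\n' barrier      # both steps from the announcement applied
    elif [ "$has_i" = yes ]; then
        printf '%s\n' immutable    # temporary fix only
    elif [ "$mode_ok" = yes ]; then
        printf '%s\n' mode-only    # 000 set, but chmod() can still change it
    elif [ "$has_t" = yes ]; then
        printf '%s\n' flag-only    # flag set, mode 000 missing
    else
        printf '%s\n' exposed
    fi
}

# check_vserver_dir DIR: read the live values and succeed only for "barrier".
check_vserver_dir() {
    dir=$1
    mode=$(stat -c %a "$dir") || return 2
    flags=$(lsattr -d "$dir" 2>/dev/null | awk '{print $1}')
    state=$(classify_barrier "$mode" "$flags")
    printf '%s: mode=%s attrs=%s state=%s\n' "$dir" "$mode" "${flags:-?}" "$state"
    [ "$state" = barrier ]
}

# Run as root, e.g.: sh check-barrier.sh /vservers
if [ "$#" -gt 0 ]; then
    check_vserver_dir "$1"
fi
```

The script exits non-zero for every state other than "barrier", so it can be dropped into a periodic host check.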