
From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Sat 07 Feb 2004 - 03:30:55 GMT


On Fri, Feb 06, 2004 at 06:12:58PM -0800, Cathy Sarisky wrote:
>
> Hi All,
>
> RedHat (at least 9, not sure about earlier) is affected by vs1.25 also -
> although most things work normally, useradd creates a directory with 000
> permissions that root is not able to chmod. Can anyone running RH confirm
> that vs1.26 doesn't have the issue before I build the kernel?

although I don't use an RH system, I'm pretty sure that,
if used correctly, vs1.26 doesn't have this issue ...

the check was extended and now requires 000 and the
IUNLINK flag to be set on the directory, which should
not be possible to create or remove from inside a vps

so it should be safe at least till the next exploit 8-)

HTH,
Herbert

> Thanks!
> Cathy
>
> p.s Herbert - thank you for the VERY fast response to the vulnerability.
> :)

well, too fast, as we have seen ;)

>
> On Fri, 6 Feb 2004, Herbert Poetzl wrote:
>
> > On Fri, Feb 06, 2004 at 10:33:14PM +0100, Herbert Poetzl wrote:
> > >
> > > Hello Folks!
> > >
> > > because the last security fix for the chmod()/chroot()
> > > issue was a little too fast, and a little too secure
> > > for some distros (debian was mentioned), this release
> > > restricts the security to the 'important' parts, the
> > > vserver directory.
> > >
> > > this is done in the following way:
> > >
> > > the chroot() 000 barrier is unaffected and unchanged,
> > > but in addition to that, a barrier with IUNLINK set
> > > can not be changed (chmod()), so the exploit isn't
> > > possible on such a secured system.
> > >
> > > What do you have to do after applying that patch?
> > >
> > > chmod 000 /vservers
> > > chattr +t -d /vservers
> >
> > as enrico pointed out, this is crap ;)
> >
> > chattr +t /vservers
> >
> > is what I meant, sorry for the confusion
> >
> > best,
> > Herbert
> >
> > > all-in-one and broken out patches for 2.4.24 as well
> > > as incremental patches are available at
> > >
> > > http://www.13thfloor.at/vserver/s_release/
> > >
> > > a temporary fix for the chmod()/chroot() exploit is
> > > to make the vserver directory immutable, but that
> > > will affect vserver creation and destruction in
> > > various ways, so an upgrade is advised.
> > >
> > > best,
> > > Herbert
> > >
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
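The barrier setup Herbert describes in the thread (mode 000 on the vserver directory plus `chattr +t`, which the vs1.26 check requires alongside the IUNLINK flag) is easy to get half-done, as the corrected `chattr` line shows. The script below is an added example, not code from the list post or from the Linux-VServer project: it evaluates a directory's mode and attribute column against those two conditions so an administrator can confirm the barrier before rebuilding. It assumes a vserver-patched kernel where `lsattr` reports the IUNLINK flag as `t` in its attribute column, GNU `stat -c %a` for the mode, and root access to read a 000 directory; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not from the list post): check that a Linux-VServer barrier
# directory is in the state the vs1.26 check expects, i.e. mode 000 plus the
# IUNLINK flag, which the thread sets with `chattr +t`. Assumes a vserver-
# patched kernel where lsattr shows that flag as 't' in its attribute column.

# barrier_state MODE ATTRS
#   MODE  - octal mode as printed by `stat -c %a` ("0" for a 000 directory)
#   ATTRS - the attribute column of `lsattr -d`
# Prints "ok" when both conditions hold, otherwise the names of the
# conditions that are missing, separated by spaces.
barrier_state() {
    mode=$1
    attrs=$2
    missing=""
    # GNU stat prints "0" for mode 000; also accept the padded spellings.
    case "$mode" in
        0|000|0000) ;;
        *) missing="mode-not-000" ;;
    esac
    # On a vserver kernel the 't' attribute is the IUNLINK flag.
    case "$attrs" in
        *t*) ;;
        *) missing="${missing:+$missing }iunlink-not-set" ;;
    esac
    if [ -z "$missing" ]; then
        echo ok
    else
        echo "$missing"
    fi
}

# check_barrier DIR: read the live values from the filesystem and evaluate
# them. Must run as root (a 000 directory is unreadable otherwise) on a
# filesystem where lsattr works, e.g. ext2/ext3 as in the thread.
check_barrier() {
    dir=$1
    mode=$(stat -c %a "$dir") || return 1
    attrs=$(lsattr -d "$dir" | awk '{print $1}') || return 1
    barrier_state "$mode" "$attrs"
}

# Constructed sample values standing in for real stat/lsattr output:
# a correctly prepared barrier, and one that was only chmod'ed to 000
# (the state a missing `chattr +t` leaves behind).
good=$(barrier_state 0 "----t--------")
bad=$(barrier_state 0 "-------------")
echo "prepared barrier:   $good"
echo "chmod-only barrier: $bad"
# Live check of the directory named in the thread (root required):
#   check_barrier /vservers
```

`barrier_state` only reports what is missing; it never changes attributes, so it can be run from a cron job or a pre-upgrade checklist without side effects. Because stock e2fsprogs also use the `t` letter for an unrelated ext2 flag, the check is only meaningful on a kernel that carries the vserver patch.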


Generated on Sat 07 Feb 2004 - 03:32:21 GMT by hypermail 2.1.3