From: Cathy Sarisky (cathy_at_acornhosting.net)
Date: Mon 09 Feb 2004 - 00:08:21 GMT
I just tried the exploit and my /vservers directory did NOT get chmoded to
001, looks like I pass. Lots of:
cd ..: Permission denied
chmod: Operation not permitted
This is with /vservers at 000 AND the +t attr, vs1.26 and vserver-0.29.
Yes, I know I should upgrade tools. Side note: using vbuild to build a
vserver with /vservers +t creates a vserver with too many +t's. I needed
to chattr -t the vserver and then vunify to get everything working.
Cathy
On Mon, 9 Feb 2004, Erik Smit wrote:
> On Mon, Feb 09, 2004 at 12:27:25AM +0100, Michael Hilscher wrote:
> > Hallo,
> >
> > i tried to upgrade my vserver installation from an 'ancient' 2.4.20 ctx
> > 16 up to
> > 2.4.24, 1.26, 0.28 (Tested with Debian Woody and SuSE 8.1).
> >
> > On my Testserver I found out, that the root-exploit is still working -
> > aswell on updated old system (synced of productive server) and clean
> > (means fresh installed) suse 8.1 system! Is there an special patch i
> > need for vs1.26?
>
> Did you chmod /vservers back to 000 after running the exploit on a
> vulnerable system? The exploit chmods it to 001.
>
> I fell for this one also. :)
>
> Regards,
>
> Erik Smit
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
>
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver