On Fri, 11 May 2007 04:05:21 +0100, Corey Wright <undefined@pobox.com> wrote:
> the only problems i've encounter without COW is:
>1. slapping my forehead when i accidentally vhashify /etc, try to modify a
> config file, and spend several minutes trying to figure out why i can't
> modify the file though i've set it u+w. (that happened sometime in the
> beginning and only happened once. ;-)
>2. upon upgrading or uninstall a package containing set[ug]id files, dpkg
> tries to unset the set[ug]id bit of the files (as a security precaution in
> case someone has hardlinked it and is keeping it around waiting for an
> exploit to be found in it). of course this fails as the hashified file
> cannot be modified, but even worse dpkg stumbles on making a mess without
> reporting an error/failure. i patched dpkg to not unset the file. another
> debian user patched vhashify to skip set[ug]id files, which is the more
> proper solution (i only patched dpkg because it was the easier solution
> having already found the problematic code in dpkg while debugging the
> problem). see the vserver mailing list archives for our patches. see bug
> http://bugs.debian.org/382760 for my dpkg bug report.
>those are the two problems i've ever found.
>a tip is to rehashify your vservers and prune your .hash directory after
> package updates. you can find a discussion on pruning scripts that i
> prompted on the mailing list sometime ago.
Excellent, thankyou for that, those were exactly the sorts of problems I expected.
I'd like to read the thread about pruning and the patches. The archive doesn't search well through google and has no inbuilt search. Any idea when the discussion was? I would prefer not to load anyones servers (and my HD) by downloading the lot.
When the archive says "email me" for the mbox, who is me?
Cheers,
-- From Ben Green _______________________________________________ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserverReceived on Fri May 11 08:51:18 2007