Re: [vserver] Security issue: guest to host escape via TIOCSTI ioctl in vserver enter

From: halfdog <me_at_halfdog.net>
Date: Sat 10 Nov 2012 - 15:49:21 GMT
Message-ID: <509E7781.8020500@halfdog.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Herbert Poetzl wrote:
> On Wed, Nov 07, 2012 at 09:53:02PM +0000, halfdog wrote:
>> Herbert Poetzl wrote:
>>> On Wed, Nov 07, 2012 at 04:13:48PM +0000, halfdog wrote:
>>>> Security testing showed that when an admin enters a vserver
>>>> guest from interactive shell, a malicious user inside the guest
>>>> can use this to execute commands on the host. ...
>>>
>>> TIOCSTI only works if enabled for a guest (VXC_TIOCSTI) so
>>> unless you have found a bug to circumvent this, I think
>>> Linux-VServer is not affected.
>
> no, it shouldn't be enabled by default. you can check it either via
> 'vattribute --get ...' or by looking at the CCAPS in 'cat
> /proc/virtual/<xid>/status' VXC_TIOCSTI is defined as 0x00000010,
> so it is bit #4

I think Corey did a perfect analysis, so the issue is confirmed by source
analysis.

Just for the records, Herbert you were right regarding caps: VXC_TIOCSTI
is not enabled by default (secure default), although stat allows guest
to detect all available ptys on host and guest (compare guest "ls
/dev/pts/" to "stat /dev/pts/[num]" where num is valid on host but not
visible to guest), I have not found any other ways to manipulate ttys
using TIOCSTI or other methods, nor within or between guests.

# cat /proc/virtual/40000/status
UseCnt: 5
Tasks: 2
Flags: 0000001602020010
BCaps: ffffffffb44c04ff
CCaps: 0000000000004101
Umask: 0
Wmask: 0
Spaces: 0c020200 00020200

hd

- --
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88 2BD8 C459 9386 feed a bee
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAlCed3QACgkQxFmThv7tq+5j5gCdFo5yBqPrpx6+qc6bf0psNk9m
R5kAnAlrtpRF5g81zJZyJNRZXzoM7y7F
=tRzk
-----END PGP SIGNATURE-----
Received on Sat Nov 10 15:49:52 2012
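
The check described in the thread (read CCaps from /proc/virtual/<xid>/status and test bit #4, VXC_TIOCSTI = 0x00000010), as an added example that is not part of the original message or of the Linux-VServer tools. The function names are hypothetical, and the second sample is constructed by setting bit #4 in the posted output.

```python
import glob
import re

VXC_TIOCSTI = 0x00000010  # bit #4, value as quoted in the thread

# Status output posted in the message above (xid 40000).
POSTED_STATUS = """\
UseCnt: 5
Tasks: 2
Flags: 0000001602020010
BCaps: ffffffffb44c04ff
CCaps: 0000000000004101
Umask: 0
Wmask: 0
Spaces: 0c020200 00020200
"""
# Constructed sample: the same guest with bit #4 added to CCaps.
CONSTRUCTED_STATUS = POSTED_STATUS.replace("4101", "4111")

def parse_ccaps(status_text):
    """Return the CCaps mask as an int; raise if the field is missing."""
    m = re.search(r"^CCaps:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("no CCaps line in status text")
    return int(m.group(1), 16)

def set_bits(mask):
    # Bit positions that are set, lowest first.
    return [b for b in range(mask.bit_length()) if (mask >> b) & 1]

def tiocsti_enabled(status_text):
    return bool(parse_ccaps(status_text) & VXC_TIOCSTI)

def audit_host(pattern="/proc/virtual/*/status"):
    """Map xid -> True/False (None if unreadable) for each guest on this host."""
    results = {}
    for path in sorted(glob.glob(pattern)):
        xid = path.split("/")[-2]
        try:
            with open(path) as fh:
                results[xid] = tiocsti_enabled(fh.read())
        except (OSError, ValueError):
            results[xid] = None  # guest vanished or malformed: review by hand
    return results

if __name__ == "__main__":
    labels = {True: "VXC_TIOCSTI ENABLED", False: "ok", None: "unreadable"}
    for xid, state in audit_host().items():
        print(xid, labels[state])
```

For the posted output, CCaps 0x4101 has bits 0, 8 and 14 set, so the check reports bit #4 as clear.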
