From: klavs klavsen (kl_at_vsen.dk)
Date: Mon 11 Feb 2002 - 10:16:00 GMT
On Sun, 2002-02-10 at 18:35, Martin Josefsson wrote:
> > My question is, if anyone know or have tried wether or not the chroot
> > functionality of vserver can be broken like this? or does the kernel
> > changes help ensure, this never happens?
> >
> > This just to know how well I should sleep at night, with vserver
> > installed :-)
>
> The new stuff in the ctx-7 patch fixes all chroot breakouts that I know
> of. the way described in
> http://www.bpfh.net/simes/computing/chroot-break.html is plugged.
ctx-7? isn't the latest release ctx-6? you mean that it will be fixed
once ctx-7 hits the street?
>
> What I'm talking about is breaking out of a vserver, that should be fixed
> in ctx-7. But if you have a new chroot in a vserver that chroot could be
> broken out of but the attacker would still not be able to get out of the
> vserver.
ok. Thanks. looking forward to getting a secure vserver.
> /Martin
>
> Never argue with an idiot. They drag you down to their level, then beat you with experience.
I love that quote :-)
-- Regards, Klavs Klavsen-------------| This mail has been sent to you by: |------------ Klavs Klavsen - OpenSource Consultant kl_at_vsen.dk - http://www.vsen.dk
Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA Fingerprint = A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter