From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Mon 09 Feb 2004 - 00:40:17 GMT
On Sun, Feb 08, 2004 at 04:08:21PM -0800, Cathy Sarisky wrote:
>
> I just tried the exploit and my /vservers directory did NOT get chmoded to
> 001, looks like I pass. Lots of:
> cd ..: Permission denied
> chmod: Operation not permitted
>
> This is with /vservers at 000 AND the +t attr, vs1.26 and vserver-0.29.
> Yes, I know I should upgrade tools. Side note: using vbuild to build a
> vserver with /vservers +t creates a vserver with too many +t's. I needed
> to chattr -t the vserver and then vunify to get everything working.
yes, that is something we are working on, actually
it is already fixed from userspace in a prerelease
version of util-vserver, maybe we do an optional
kernel fix/enhancement for that too ...
explanation: some extended attributes are 'inherited'
from a directory to its dir entries, one of them
is the notail flag (which is used as the iunlink
flag on vserver, which wasn't changed in stable
for compatibility reasons)
HTH,
Herbert
> Cathy
>
> On Mon, 9 Feb 2004, Erik Smit wrote:
>
> > On Mon, Feb 09, 2004 at 12:27:25AM +0100, Michael Hilscher wrote:
> > > Hello,
> > >
> > > I tried to upgrade my vserver installation from an 'ancient' 2.4.20 ctx
> > > 16 up to
> > > 2.4.24, 1.26, 0.28 (Tested with Debian Woody and SuSE 8.1).
> > >
> > > On my test server I found out that the root-exploit is still working -
> > > as well on updated old system (synced of productive server) and clean
> > > (means fresh installed) suse 8.1 system! Is there a special patch I
> > > need for vs1.26?
> >
> > Did you chmod /vservers back to 000 after running the exploit on a
> > vulnerable system? The exploit chmods it to 001.
> >
> > I fell for this one also. :)
> >
> > Regards,
> >
> > Erik Smit
> > _______________________________________________
> > Vserver mailing list
> > Vserver_at_list.linux-vserver.org
> > http://list.linux-vserver.org/mailman/listinfo/vserver
> >
>