From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Sun 04 Jul 2004 - 01:17:56 BST

• Previous message: Herbert Poetzl: "[Vserver] [Release] Stable 1.28"
• In reply to: Herbert Poetzl: "[Vserver] [Release] Stable 1.28"
• Next in thread: Veit Wahlich: "[Vserver] [Advisory] Linux Virtual Server/Secure Context procfs shared permissions flaw [was: Re: [Release] Stable 1.28]"
• Reply: Veit Wahlich: "[Vserver] [Advisory] Linux Virtual Server/Secure Context procfs shared permissions flaw [was: Re: [Release] Stable 1.28]"

On Sun, Jul 04, 2004 at 02:00:42AM +0200, Herbert Poetzl wrote:
>
> Hi Community!
>
> updated the 1.2 (stable) branch to vs1.28, which
> includes two security improvements ...
>
> * the procfs is no longer vulnerable to arbitrary
> modifications from inside a vserver

somehow I forgot to give credit to Veit Wahlich, who
reported the procfs issues, and will write an
advisory regarding a possible DoS attack ...

sorry, wasn't intentional ...

best,
Herbert

> * xattrib modifications of immutable files are
> denied if CAP_IMMUTABLE is missing
>
> nothing else has changed, but there is a patch for
> 2.4.27-rc2, which I would like to see tested, as
> the 2.4.27 kernel will be slightly different to
> 2.4.26 ...
>
> note: the 2.4.26-fpu-state-fix patch avoids the
> DoS discovered on 2.4.26, if you use that
> version, make sure to apply it ...
>
> enjoy,
> Herbert
>
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

• Previous message: Herbert Poetzl: "[Vserver] [Release] Stable 1.28"
• In reply to: Herbert Poetzl: "[Vserver] [Release] Stable 1.28"
• Next in thread: Veit Wahlich: "[Vserver] [Advisory] Linux Virtual Server/Secure Context procfs shared permissions flaw [was: Re: [Release] Stable 1.28]"
• Reply: Veit Wahlich: "[Vserver] [Advisory] Linux Virtual Server/Secure Context procfs shared permissions flaw [was: Re: [Release] Stable 1.28]"