Re: [Vserver] Util-VServer in @RISK The Consensus Security Vulnerability Alert Vol. 5 No. 14

From: Daniel Hokka Zakrisson <daniel_at_hozac.com>
Date: Wed 19 Apr 2006 - 22:03:19 BST
Message-ID: <4446A597.9000301@hozac.com>

Roderick A. Anderson wrote:
> I noticed that Util-Vserver was reported with a SUEXEC Privilege
> Escalation Weakness in the April 10 report.
>
> I found nothing on the list about this back as far as late February. Is
> this report FUD, not worth worrying about, or I missed the whole thread
> on the list?
> ( https://savannah.nongnu.org/bugs/?func=detailitem&item_id=15996 )
>
> In an odd way this is good since the other virtualization packages get
> more publicity. :-(

It was discussed on IRC. How anyone can consider the host root entering
a guest and executing a command as root as privilege escalation is
beyond me (when in reality, you are dropping lots of capabilities,
filesystem access, etc.).

-- 
Daniel Hokka Zakrisson
GPG id: 06723412
GPG fingerprint: A455 4DF3 990A 431F FECA  7947 6136 DDA2 0672 3412
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Wed Apr 19 22:03:33 2006