Hello On Mon, Oct 03, 2005 at 01:46:44PM +0800, Andrew Lee wrote: > > Hi Ola, > > å¨ 2005/10/3 ä¸å 1:54 æï¼Ola Lundqvist 寫å°ï¼ > > How did you tested and found what kind of security problem? > > I assume you found you couldn't pass the test 109,121 of testfs.sh  > > script, right? > > Actually I run the rootesc program and saw that it was possible to > > escape. > > I think the rootesc program is only working for the bug in 2.4 kernel > patches in Debian, for other fails in testfs.sh, I guess probably > needs other exploit. > > I have upgraded to 0.30.208-2, I still got the same fails on i386,  > > but no errors on powerpc after I rebuilt the util-vserver package  > > from source. > > Ahh now I see. Missed that you used different architectures in your > > testing. > > Yes, that's why I have another powerpc related bug report. > Sorry for the confusion, I will help to test on i386 and powerpc for > you. > > I wonder why it do not fail after your rebuild. Maybe it pass > > only if I compile on a vserver patched system... > > Could you please confirm this?
I just got a report that Bertl have discovered that most util-vserver do make a compile-time check if it is a patched system, otherwise it revert to i386. It explain why it work for you when you recompile on powerpc. > Maybe, I should recompile the kernel patch+tools on i386 with a > vserver 2.0 patched system, cause I got fails on 2.6.12 and > util-vserver 0.30.208-2 from sid still, but all pass with same version > from sid on powerpc after a rebuild of util-vserver package. If would be really nice if you could do that as I'm in Germany this week. Thanks // Ola > -Andrew -- --- Ola Lundqvist systemkonsult --- M Sc in IT Engineering ---- / [EMAIL PROTECTED] Annebergsslingan 37 \ | [EMAIL PROTECTED] 654 65 KARLSTAD | | http://www.opal.dhs.org Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / --------------------------------------------------------------- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]