Package: util-vserver
Version: 0.30.209-2
Severity: important
Tags: security patch upstream

This is upstream bug #15996: suexec from root with an invalid
ID runs as root.

https://savannah.nongnu.org/bugs/?func=detailitem&item_id=15996

[EMAIL PROTECTED]:~$ sudo vserver buildd suexec david id
uid=0(root) gid=0(root) groups=0(root)
[EMAIL PROTECTED]:~$ sudo vserver buildd suexec 1000 id
uid=1000(david) gid=0(root) groups=0(root)
[EMAIL PROTECTED]:~$ 

There is also a patch already available at 
https://savannah.nongnu.org/patch/?func=detailitem&item_id=4966

Regards, David

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-1-vserver-686
Locale: LANG=C, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8)

Versions of packages util-vserver depends on:
ii  iproute                       20051007-4 Professional tools to control the 
ii  libbeecrypt6                  4.1.2-4    open source C library of cryptogra
ii  libc6                         2.3.6-4    GNU C Library: Shared libraries an
ii  net-tools                     1.60-17    The NET-3 networking toolkit

Versions of packages util-vserver recommends:
ii  binutils          2.16.1cvs20060117-1uc1 The GNU assembler, linker and bina
ii  make              3.80+3.81.rc2-1        The GNU version of the "make" util

-- no debconf information
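
A fail-closed way for a root helper to switch to a requested user before exec, relevant to both results in the transcript above: an ID that cannot be resolved is an error, and supplementary groups, gid and uid are all set and then verified. This is an added example, not util-vserver's code and not the upstream patch; `parse_id`, `resolve_user` and `drop_to` are hypothetical names, and it assumes the lookup runs against the passwd database of the target environment.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Strict decimal ID: digits only, no sign, no trailing text, no overflow. */
static int parse_id(const char *s, uid_t *out) {
    char *end;
    if (s == NULL || *s < '0' || *s > '9') return -1;
    errno = 0;
    unsigned long v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0' || v >= (unsigned long)(uid_t)-1) return -1;
    *out = (uid_t)v;
    return 0;
}

/* Resolve a user name or numeric ID to a passwd entry; unknown means error. */
static int resolve_user(const char *spec, uid_t *uid, gid_t *gid) {
    struct passwd *pw = spec ? getpwnam(spec) : NULL;
    uid_t id;
    if (pw == NULL && parse_id(spec, &id) == 0) pw = getpwuid(id);
    if (pw == NULL) return -1; /* fail closed: never continue as the caller */
    *uid = pw->pw_uid; *gid = pw->pw_gid;
    return 0;
}

/* Drop supplementary groups, then gid, then uid, and check that it took effect. */
static int drop_to(uid_t uid, gid_t gid) {
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid) return -1;
    return 0;
}

int main(int argc, char **argv) {
    uid_t uid; gid_t gid;
    if (argc < 3) { fprintf(stderr, "usage: %s USER CMD [ARGS]\n", argv[0]); return 2; }
    if (resolve_user(argv[1], &uid, &gid) != 0) { fprintf(stderr, "unknown user: %s\n", argv[1]); return 1; }
    if (drop_to(uid, gid) != 0) { perror("drop privileges"); return 1; }
    execvp(argv[2], &argv[2]); /* reached only with the target identity in place */
    perror("execvp");
    return 127;
}
```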

