unmerge 329090
reassign 329090 util-vserver 0.30.204-5sarge2
thanks

Hi,

I have updated the kernel-patch for 2.4 to properly honor the barrier in 2.4 kernels. The fix appears in version 2.3 of kernel-patch-vserver. This will solve #329087, and has been submitted to the security team for an update to sarge.

However, after fixing this, I ran some tests which brought out the issue that the util-vserver tools in sarge do not set the barrier correctly, which enables the chroot escape to work regardless of the kernel-patch being fixed.

If I compile a new 2.4 kernel with this updated patch and then use the util-vserver package from sarge (0.30.204-5sarge2), I can break out of the barrier... I can break out of the barrier using the newer tools as well. However, if I set the barrier with the newer tools, I can no longer break out. This means that the tools in Sarge do not properly set the barrier and need to be updated.

My tests:

I compiled upstream 0.30.209. I use upstream showattr to demonstrate that the barrier is *not* set properly:

# ./showattr /var/lib/vservers/
---bu-- /var/lib/vservers
---bu-- /var/lib/vservers/bluebird

I then use upstream setattr to set the barrier:

# ./setattr --barrier /var/lib/vservers/bluebird/..

I then use upstream showattr to view the barrier:

# ./showattr /var/lib/vservers/
---BU-- /var/lib/vservers
---bu-- /var/lib/vservers/bluebird

This is the correct barrier, and ssh'ing into the vserver the rootesc does not work.

If I use the debian tools to look at the barrier:

# /usr/sbin/showattr /var/lib/vservers/
---BU-- /var/lib/vservers/
---bu-- /var/lib/vservers/bluebird

so the debian tools at least can see the correct barrier :)

If I unset the barrier and then set it again with the debian Sarge tools, the chroot escape works again:

# ./setattr --~barrier /var/lib/vservers/..
# /usr/sbin/setattr --barrier /var/lib/vservers/..

(ssh into the vserver, run the rootescape, it works).

If I unset the barrier and set it again with the upstream tools, the chroot escape does not work anymore.

I get the same results if I install the version of util-vserver that is currently in testing/unstable (0.30.208-4).

So it is clear that the Debian Sarge tools are just not setting the barrier properly.

Micah
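
A check for the condition described in the mail above, as an added example that is not part of the original message or of util-vserver. It reads showattr output and reports whether the barrier is set on a given directory; the function names are hypothetical, and it assumes that an uppercase B in the flag field means the barrier is set, as the listings in the mail suggest.

```shell
#!/bin/sh
# barrier_state DIR: read showattr output on stdin and print "set", "unset"
# or "missing" for DIR.
# Assumption: an uppercase B in the flag field marks a set barrier.
barrier_state() {
    awk -v want="${1%/}" '
        {
            flags = $1
            path = $0
            sub(/^[^ ]+ +/, "", path)   # drop the flag field, keep the whole path
            sub(/\/$/, "", path)        # the Debian showattr prints a trailing slash
            if (path != want) next
            found = 1
            state = (index(flags, "B") > 0) ? "set" : "unset"
        }
        END { print (found ? state : "missing") }
    '
}

# check_barrier DIR: succeed only if the barrier is set on DIR.
check_barrier() {
    [ "$(barrier_state "$1")" = "set" ]
}

# Constructed samples, copied from the two kinds of listing in the mail:
# barrier set with the Sarge setattr, and barrier set with upstream setattr.
SARGE_SET='---bu-- /var/lib/vservers
---bu-- /var/lib/vservers/bluebird'
UPSTREAM_SET='---BU-- /var/lib/vservers/
---bu-- /var/lib/vservers/bluebird'

printf '%s\n' "$SARGE_SET" | check_barrier /var/lib/vservers \
    || echo "WARNING: barrier not set on /var/lib/vservers"
printf '%s\n' "$UPSTREAM_SET" | check_barrier /var/lib/vservers \
    && echo "OK: barrier set on /var/lib/vservers"
```

On a live host the input would come from the upstream showattr run against the vserver base directory, since that is the tool the mail uses to show the barrier is not set.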