Dear Vserver Community! Markus M�ller from GeNUA (Germany) reported an up to now unknown way to escape from the vserver chroot jail, which is based on the fact the chmod did not verify the 000 barrier correctly ...
the following patch, applied with patch -p0 fixes this issue, for stable and devel releases http://www.13thfloor.at/vserver/security/root-escape-fix.diff a new stable version including this fix will be available in the next hour ... this is a vulnerability, which allows any vserver root user to escape the chroot() jail, and gain access to the host server, so I would suggest to patch/upgrade as soon as possible. HTH, Herbert PS: all linux-vserver versions are affected. _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
