On Fri, Feb 06, 2004 at 05:58:31PM +0100, Ond?ej Sur� wrote:
> Hi,
>
> BEWARE this patch brokes Debian!
>
> dpkg does:
>
> mkdir("blah/blah.dpkg-new", 0)
> chmod("blah/blah.dpkg-new", 0755)
>
> And chmod obviously fails. Proper fix should probably check exact inode
> of /vservers/ dir and protect only this one particular inode.
hmm, good point, well, we have that in the devel
branch for some time now, so maybe it's time to
switch to that feature soon, maybe just a 'check'
if '..' is tried might be sufficient though ...
will investigate ...
thanks,
Herbert
> O.
>
> On Fri, 2004-02-06 at 16:43, Herbert Poetzl wrote:
> > On Fri, Feb 06, 2004 at 09:24:57AM -0600, Tom Walsh wrote:
> > >
> > > > as promised, the security bugfix release (1.25) for
> > > > the linux-vserver stable branch is now available at
> > > >
> > >
> > > Herbert,
> > >
> > > Does this mean that this exploit does not effect the devel tree (1.3x)?
> > > Or is it that you just haven't had the time to apply the patch to that
> > > tree?
> >
> > latter, or, to be precise, the fix (patch) applies
> > to both stable and devel, devel will have it included
> > in the next release ...
> >
> > HTH,
> > Herbert
> >
> > > Tom Walsh
> > > Network Administrator
> > > http://www.ala.net/
> > >
> > >
> > > _______________________________________________
> > > Vserver mailing list
> > > [EMAIL PROTECTED]
> > > http://list.linux-vserver.org/mailman/listinfo/vserver
> > _______________________________________________
> > Vserver mailing list
> > [EMAIL PROTECTED]
> > http://list.linux-vserver.org/mailman/listinfo/vserver
> --
> Ond??ej Sur� <[EMAIL PROTECTED]>
> Globe Internet s.r.o.
>
> _______________________________________________
> Vserver mailing list
> [EMAIL PROTECTED]
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver
