Hello Folks! because the last security fix for the chmod()/chroot() issue was a little too fast, and a little too secure for some distros (debian was mentioned), this release restricts the security to the 'important' parts, the vserver directory.
this is done in the following way: the chroot() 000 barrier is unaffected and unchanged, but in addition to that, a barrier with IUNLINK set can not be changed (chmod()), so the exploit isn't possible on such a secured system. What you have to do, after applying that patch? chmod 000 /vservers chattr +t -d /vservers all-in-one and broken out patches for 2.4.24 as well as incremental patches are available at http://www.13thfloor.at/vserver/s_release/ a temporary fix for the chmod()/chroot() exploit is to make the vserver directory immutable, but that will affect vserver creation and destruction in various ways, so an upgrade is advised. best, Herbert _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
