As the exploit been published?
A Sex, 2004-02-06 �s 21:33, Herbert Poetzl escreveu: > Hello Folks! > > because the last security fix for the chmod()/chroot() > issue was a little too fast, and a little too secure > for some distros (debian was mentioned), this release > restricts the security to the 'important' parts, the > vserver directory. > > this is done in the following way: > > the chroot() 000 barrier is unaffected and unchanged, > but in addition to that, a barrier with IUNLINK set > can not be changed (chmod()), so the exploit isn't > possible on such a secured system. > > What you have to do, after applying that patch? > > chmod 000 /vservers > chattr +t -d /vservers > > all-in-one and broken out patches for 2.4.24 as well > as incremental patches are available at > > http://www.13thfloor.at/vserver/s_release/ > > a temporary fix for the chmod()/chroot() exploit is > to make the vserver directory immutable, but that > will affect vserver creation and destruction in > various ways, so an upgrade is advised. > > best, > Herbert > > _______________________________________________ > Vserver mailing list > [EMAIL PROTECTED] > http://list.linux-vserver.org/mailman/listinfo/vserver _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
