On Mon, Feb 09, 2004 at 11:14:16AM +0100, Michael Hilscher wrote:
> On 09.02.2004 at 01:08, Cathy Sarisky wrote:
> >I just tried the exploit and my /vservers directory did NOT get chmoded to
> >001, looks like I pass. Lots of:
> >cd ..: Permission denied
> >chmod: Operation not permitted
>
> exploit is working with stable stuff.
>
> >This is with /vservers at 000 AND the +t attr, vs1.26 and vserver-0.29.
> >Yes, I know I should upgrade tools. Side note: using vbuild to build a
> >vserver with /vservers +t creates a vserver with too many +t's. I needed
> >to chattr -t the vserver and then vunify to get everything working.
>
> Well I'm not sure what you meant about chattr -t. I did:
> --- cut ---
> 1. Patch Kernel with:
> http://www.13thfloor.at/vserver/s_release/v1.26/patch-2.4.24-vs1.26.diff.bz2
> make dep clean bzImage
> vi /etc/lilo.conf
> lilo
> restart System with new Kernel
>
> 2. installed util-vserver:
> http://www.13thfloor.at/vserver/s_release/v1.26/util-vserver-0.28.tar.bz2
>
> 3. chmod 000 /vservers
> chmod +t /vservers
  ^^^^^^ probably that is the reason why it didn't work, should be

  chattr +t /vservers

you should then see something like this:

[EMAIL PROTECTED] root]# /tmp/rootesc
cd ..: Permission denied
chmod: Operation not permitted
cd ..: Permission denied
chmod: Operation not permitted
..
cd ..: Permission denied
chmod: Operation not permitted
Exploit seems to work. =)

but that is just a wrong statement, as ls / hopefully will show

HTH,
Herbert

PS: if it still works for you, please contact me, because
something must be very different in your setup, as I verified
once again, that it _is_ secure against this exploit

>
> 4. vserver retest build
> --> got x-times repeated messages: Unknown option level
> but job seems to be done right anyway.
>
> 5. Set IPROOT
>
> 6. Copied compiled Exploit to /vservers/retest
>
> 7. ifconfig eth0:1 xxx up
> stopped ssh of Testserver (just for fast testing :)
>
> 8. vserver retest start
> vserver retest enter
> /etc/init.d/sshd start
> exit
> 8. Login from external Host via ssh direct in vserver [EMAIL PROTECTED]
> 9. linux:~ # ls -ld /vservers
> ls: /vservers: No such file or directory
> linux:~ # /exploit.o
> Exploit seems to work. =)
> sh-2.05b# ls -l /
> ... and I can see the root fs of host Server not the vserver one :(
> --- / cut ---
>
> Please tell me, what steps are wrong and what did I forget?
>
>
> greetinXs,
> Michael Hilscher
> --
> Would Mozart have been more productive if he had scribes to help him, a
> secretary and a CEO to lead his way? -- Linus Torvalds
>
> _______________________________________________
> Vserver mailing list
> [EMAIL PROTECTED]
> http://list.linux-vserver.org/mailman/listinfo/vserver
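A small audit for the mix-up discussed in this thread, added here as an example and not code from any poster or from the vserver project: it tells the sticky mode bit set by `chmod +t` apart from the file attribute set by `chattr +t`, working from `stat` and `lsattr` output. The function names and verdict strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and verdict strings
# are made up for illustration.

# barrier_verdict MODE FLAGS
#   MODE  = octal mode as printed by `stat -c %a DIR` (0, 1000, 755, ...)
#   FLAGS = attribute field printed by `lsattr -d DIR`
barrier_verdict() {
    m=0000$1
    m=${m#"${m%????}"}          # keep the last four octal digits
    perms=${m#?}                # rwx bits for user/group/other
    case $m in
        [1357]???) sticky=1 ;;  # chmod +t sets this mode bit
        *)         sticky=0 ;;
    esac
    case $2 in
        '')  echo unknown; return ;;   # lsattr gave nothing (unsupported fs?)
        *t*) attr=1 ;;                 # chattr +t; uppercase T is another flag
        *)   attr=0 ;;
    esac
    if [ "$attr" = 1 ] && [ "$perms" = 000 ]; then
        echo ok                        # mode 000 AND the t attribute
    elif [ "$attr" = 1 ]; then
        echo attr-set-but-mode-open
    elif [ "$sticky" = 1 ]; then
        echo sticky-bit-only           # the chmod/chattr mix-up
    else
        echo no-attr
    fi
}

# check_dir DIR: gather the two inputs from a real directory.
check_dir() {
    flags=$(lsattr -d "$1" 2>/dev/null | cut -d' ' -f1)
    barrier_verdict "$(stat -c %a "$1")" "$flags"
}

# Run against a directory given on the command line, e.g. /vservers.
if [ -n "${1:-}" ]; then
    check_dir "$1"
fi
```
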
