On Mon, Feb 09, 2004 at 01:15:52PM +0100, Kern Wolfgang wrote: > Hi vServer Team, > > i have downloaded and compiled this expl. too and with 1.26 (Kernel 2.4.24) > the expl. seems still to work :( > > i have try this both ways: > > chmod 000 /vservers > chattr +t /vservers > > and with > > chmod +t /vservers > > but this expl. Is still working, the only different between chattr and chmod > is one little line of error like this:
*sigh* chmod 000 /vservers chmod +t /vservers / # ls -ld /vservers d--------T 10 root root 1024 Dec 6 00:15 /vservers / # lsattr -d /vservers ------------- /vservers INSECURE!! chmod 000 /vservers chattr +t /vservers chmod +t /vservers / # ls -ld /vservers d--------T 10 root root 1024 Dec 6 00:15 /vservers / # lsattr -d /vservers -----------t- /vservers INSECURE!! chmod 000 /vservers chattr +t /vservers / # ls -ld /vservers d--------- 10 root root 1024 Dec 6 00:15 /vservers / # lsattr -d /vservers -----------t- /vservers SECURE what are your flags today? HTH, Herbert > [EMAIL PROTECTED]:~# ./chroot_exp > cd ..: Permission denied > Exploit seems to work. =) > > But for now i can see full host strukture... the very bad thing is, i can > modify and delete any file from the host, seems like full root rights. The > mystic way, i have to "exit" two times for a normaly host view, like this: > > [EMAIL PROTECTED]:/# exit > exit > [EMAIL PROTECTED]:~# exit > logout > pbvsc:~# > > At first "exit" the system is in the last folder from i started the expl. > With the second "exit" the system is right now in host system. With SSH on > the expl. V-child i have no access to host system if i try this over ssh on > a v-child it works like vserver NAME enter. One thing i don't understand for > right now... after execute the exploit the right are set to: > > Owner: root > Group: root > > If i set all back with chattr and chmod the rights set to: > > Owner: root > Group: sys > > I hope, i have not repeated this problem the 1000000x... > > > > > > Regards > > Development Department Germany > > W)ireless W)inds GbR. > Hosting | CoLocation | IP-Transit > Design | Develop. | Production > > | Web: Http://www.Wireless-Winds.de > | Web: Http://www.WWip.de > | Web: Http://www.WWip.ch > | eMail: [EMAIL PROTECTED] > > > CONFIDENTIALITY NOTICE > This mail contains information which is confidential and may also be > privileged. It is for exclusive use of the intended recipient(s). If you are > not the intended recipient(s), please note that any distribution, copying > or use of this mail or the information in it is strictly prohibited. If you > have received this mail in error, please notify us immediately and then > destroy this mail and any copies of it. Thank you! > > HINWEIS > Diese Nachricht enth�lt vertrauliche Informationen. Diese sind ausdr�cklich > nur f�r den/die Empf�nger dieser Nachricht bestimmt. Sollten Sie nicht der > beabsichtigte Empf�nger sein so nehmen Sie bitte zur Kenntnis, dass jede > Weiterleitung, jede Kopie oder die Verwendung der in dieser Nachricht > enthaltenen Informationen untersagt ist. Sollten Sie diese Nachricht > f�lschlicherweise erhalten haben, so benachrichtigen Sie uns bitte umgehend > und l�schen Sie diese Nachricht und s�mtliche Kopien bzw. Ausdrucke. Vielen > Dank! > > _______________________________________________ > Vserver mailing list > [EMAIL PROTECTED] > http://list.linux-vserver.org/mailman/listinfo/vserver _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
