chmod 000 /vservers
chattr +t /vservers

/ # ls -ld /vservers
d--------- 10 root root 1024 Dec 6 00:15 /vservers
/ # lsattr -d /vservers
-----------t- /vservers
SECURE
You are right, after
chmod 000 /vservers
chmod +t /vservers
the exploit doesn't work anymore. But on the other hand, I can't create a new vserver anymore:
vserver beta build
cp: cannot create hard link `/vservers/beta/./sbin/e2fsck' to `/vservers/beta/./sbin/fsck.ext3': Operation not permitted
... and so on :(
AND the chattr +t cmd only worked correctly after deleting the old /vserver dir.
I used it on the old /vserver first, but after chattr +t /vservers I got:
lsattr -d /vservers
------------- /vservers
That's the reason why the exploit still worked after upgrading to 1.24 ...
But in the end I can't see any benefit to the chattr +i /vservers method. If I'd like to create a new vserver I have to chattr -i with the old Vserver. With 1.24 I need to chattr -t /vservers before I can create a new one.
Is there another security issue in the old ctx16 which I might not know about yet, or am I secure (for the moment) with chattr +i ???
greetinXs,
Michael Hilscher
--
Would Mozart have been more productive if he had scribes to help him, a secretary and a CEO to lead his way? -- Linus Torvalds
_______________________________________________
Vserver mailing list
http://list.linux-vserver.org/mailman/listinfo/vserver
