On Sun, Jul 04, 2004 at 02:00:42AM +0200, Herbert Poetzl wrote: > > Hi Community! > > updated the 1.2 (stable) branch to vs1.28, which > includes two security improvements ... > > * the procfs is no longer vulnerable to arbitrary > modifications from inside a vserver
somehow I forgot to give credit to Veit Wahlich, who reported the procfs issues, and will write an advisory regarding a possible DoS attack ... sorry, wasn't intentional ... best, Herbert > * xattrib modifications of immutable files are > denied if CAP_IMMUTABLE is missing > > nothing else has changed, but there is a patch for > 2.4.27-rc2, which I would like to see tested, as > the 2.4.27 kernel will be slightly different to > 2.4.26 ... > > note: the 2.4.26-fpu-state-fix patch avoids the > DoS discovered on 2.4.26, if you use that > version, make sure to apply it ... > > enjoy, > Herbert > _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
