[EMAIL PROTECTED] (Stephen Frost) writes: >> That's not possible. During the extraction phase, 'rpm' has to do >> an username -> uid mapping with the setup from the inside of the >> chroot. So at least there, I need getpwname() after chroot(). > > Sorry for the double-reply but additionally, is that the only place > where this issue exists? I'm not even sure what you mean by the > 'extraction phase'- do you mean when building the vserver?
It is meant the phase when 'rpm --root ...' extracts the files and has to map the username to an uid. > If you're building it new it seems unlikely that it's a compramised > vserver. 'vrpm' + 'vapt-get' + 'vyum' work long after the initial build also. This might be after the vserver was compromised. > Does this affect Debian users at all (who use Debian in their vservers)? Probably not; for Debian only the internal packagemanagement is supported. Enrico
pgpNJ4RJ803tT.pgp
Description: PGP signature
_______________________________________________ Vserver mailing list [email protected] http://list.linux-vserver.org/mailman/listinfo/vserver
