[EMAIL PROTECTED] ("Dariush Pietrzak,,,") writes:
>> >> legacy configuration does not have a big future and *would*
>> >> need security fixes first, this has a very low priority.
>> > What security fixes?
>>
>> Oh... where shall I begin? Basically, the filesystem operations
>> are full of races and contain enough opportunities for symlink
> I'm not sure I follow, what filesystem operations, reading of
> configuration?Code like | mkdir -p $1/proc $1/dev/pts | mount -t proc none $1/proc | | rm -f `find var/run -type f` | rm -f var/lock/subsys/* | | exec $_CHBIND $SILENT $IPOPT --bcast $IPROOTBCAST \ | $_CHCONTEXT_COMPAT $SILENT $FLAGS $CAPS --secure --ctx $S_CONTEXT \ | $_CAPCHROOT --suid $USERID . "$@" (this enumeration is far away from being complete; just look into the legacy 'vserver' script and you will find more of these examples). Enrico
pgp5RLJWp9W5f.pgp
Description: PGP signature
_______________________________________________ Vserver mailing list [email protected] http://list.linux-vserver.org/mailman/listinfo/vserver
