Roderick A. Anderson wrote:
I noticed that Util-Vserver was reported with a SUEXEC Privilege
Escalation Weakness in the April 10 report.
I found nothing on the list about this back as far as late February. Is
this report FUD, not worth worrying about, or I missed the whole thread
on the list?
( https://savannah.nongnu.org/bugs/?func=detailitem&item_id=15996 )
In an odd way this is good since the other virtualization packages get
more publicity. :-(
It was discussed on IRC. How anyone can consider the host root entering
a guest and executing a command as root as privilege escalation is
beyond me (when in reality, you are dropping lots of capabilities,
filesystem access, etc.).
--
Daniel Hokka Zakrisson
GPG id: 06723412
GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412
_______________________________________________
Vserver mailing list
[email protected]
http://list.linux-vserver.org/mailman/listinfo/vserver
