On Fri, 11 May 2007 04:05:21 +0100, Corey Wright <[EMAIL PROTECTED]> wrote:

> the only problems i've encounter without COW is:
>1. slapping my forehead when i accidentally vhashify /etc, try to modify a
> config file, and spend several minutes trying to figure out why i can't
> modify the file though i've set it u+w.  (that happened sometime in the
> beginning and only happened once. ;-)
>2. upon upgrading or uninstall a package containing set[ug]id files, dpkg
> tries to unset the set[ug]id bit of the files (as a security precaution in
> case someone has hardlinked it and is keeping it around waiting for an
> exploit to be found in it).  of course this fails as the hashified file
> cannot be modified, but even worse dpkg stumbles on making a mess without
> reporting an error/failure.  i patched dpkg to not unset the file.  another
> debian user patched vhashify to skip set[ug]id files, which is the more
> proper solution (i only patched dpkg because it was the easier solution
> having already found the problematic code in dpkg while debugging the
> problem).  see the vserver mailing list archives for our patches.  see bug
> http://bugs.debian.org/382760 for my dpkg bug report.
>those are the two problems i've ever found.
>a tip is to rehashify your vservers and prune your .hash directory after
> package updates.  you can find a discussion on pruning scripts that i
> prompted on the mailing list sometime ago.

Excellent, thankyou for that, those were exactly the sorts of problems I 
expected.

I'd like to read the thread about pruning and the patches. The archive doesn't 
search well through google and has no inbuilt search. Any idea when the 
discussion was? I would prefer not to load anyones servers (and my HD) by 
downloading the lot.

When the archive says "email me" for the mbox, who is me?

Cheers,


-- 
 From Ben Green

_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Reply via email to