On Tue, 5 Nov 2002 09:47:33 -0500, Klavs Klavsen wrote > it's /vservers that needs to be chmod 000 /vservers. The reason for that > is that the way the chroot problem has been fixed is that the kernel > checks for the access rights being 000, and if they are - even root are > not allowed to progress beyond them. > > I'm not sure, if this means that root in one vserver, can actually enter > another because it's not chmod 000'ed - if he can guess the vserver > name? Anyone can answer that?
No he can't because he has to open/lookup the /vservers directory and it fails if the security context is not 0. --------------------------------------------------------- Jacques Gelinas <[EMAIL PROTECTED]> vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc
