Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 8 Aug 2012 10:35:05 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: vzctl handles CT's FS without dropping privileges and before chroot (was: segoon's report #15)

Vasily,

On Tue, Aug 07, 2012 at 11:30:15PM +0400, Vasily Kulikov wrote:
> - Found limited "unlink" ability of CT's root in CT0, reported to
>   OpenVZ bugzilla.

Thanks for CC'ing me.  This is:

http://bugzilla.openvz.org/show_bug.cgi?id=2329

It looks pretty serious to me.  Maybe we should have reported it
privately first.

What versions of vzctl are affected?  Is our 3.0.23 affected?

What uses of vzctl are affected?  Is the issue exploitable on automatic
CT startup/shutdown or only when a sysadmin uses vzctl manually?

(I guess the issue was introduced some time after my audit of OpenVZ in
late 2005 as I recall looking for things like this.)

Thanks,

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ