Date: Wed, 8 Aug 2012 14:28:11 +0400
From: Vasily Kulikov <segoon@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: vzctl handles CT's FS without dropping privileges
 and before chroot (was: segoon's report #15)

Solar,

On Wed, Aug 08, 2012 at 10:35 +0400, Solar Designer wrote:
> What versions of vzctl are affected?  Is our 3.0.23 affected?

No, our version is not affected.  The bug was created in v3.0.28.

> What uses of vzctl are affected?  Is the issue exploitable on automatic
> CT startup/shutdown or only when a sysadmin uses vzctl manually?

It doesn't matter.  'vzctl start' does it unconditionally.

I've checked the git version and found that these 2 hacks were removed in
v3.2.  The modern versions of vzctl are not affected.  However, vzctl >=
3.2 needs a RHEL6 kernel (the changelog explicitly says so), so RHEL5-based
distros might still use old vzctl.

-- 
Vasily
