Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 8 Aug 2012 10:35:05 +0400
From: Solar Designer <>
Subject: vzctl handles CT's FS without dropping privileges and before chroot (was: segoon's report #15)


On Tue, Aug 07, 2012 at 11:30:15PM +0400, Vasily Kulikov wrote:
> - Found limited "unlink" ability of CT's root in CT0, reported to
>   OpenVZ bugzilla.

Thanks for CC'ing me.  This is:

It looks pretty serious to me.  Maybe we should have reported it
privately first.

What versions of vzctl are affected?  Is our 3.0.23 affected?

What uses of vzctl are affected?  Is the issue exploitable on automatic
CT startup/shutdown or only when a sysadmin uses vzctl manually?

(I guess the issue was introduced some time after my audit of OpenVZ in
late 2005 as I recall looking for things like this.)



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.