|
Message-ID: <20120808102811.GA5509@albatros> Date: Wed, 8 Aug 2012 14:28:11 +0400 From: Vasily Kulikov <segoon@...nwall.com> To: owl-dev@...ts.openwall.com Subject: Re: vzctl handles CT's FS without dropping privileges and before chroot (was: segoon's report #15) Solar, On Wed, Aug 08, 2012 at 10:35 +0400, Solar Designer wrote: > What versions of vzctl are affected? Is our 3.0.23 affected? No, our version is not affected. The bug was created in v3.0.28. > What uses of vzctl are affected? Is the issue exploitable on automatic > CT startup/shutdown or only when a sysadmin uses vzctl manually? It doesn't matter. 'vzctl start' does it unconditionally. I've checked the git version and found that these 2 hacks were removed in v3.2. The modern versions of vzctl are not affected. However, vzctl >= 3.2 needs RHEL6 kernel (changelog explicitly says so), so RHEL5-based distros might still use old vzctl. -- Vasily
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.