Package: util-vserver
Version: 0.30.216-pre3054-1
Tags: security

According to vserver developers, "vserver enter" is not intended to be safe
for compromised guests and can easily be used to escape to the host (POC
code available on request). It should be stated in the man pages
accordingly, that the tool must not be used in such cases.

Apart from that, "vserver enter" (quite likely also "vserver start" and
possibly other commands) are not intended to protect from hijacking of the
host admin's tty, thus allowing evil guests to inject arbitrary commands
into the tty. Depending on guest distribution, this will even work from
an unprivileged guest user, e.g. postgres. Hence man pages should note also
that any call methods preserving the host's interactive shell tty context
making them available to the guest must not be invoked on untrusted guests
to avoid compromise of the host.
