On Wed, Sep 28, 2005 at 02:47:28PM +0800, Andrew Lee wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ola Lundqvist wrote:
>
> >> I do not have access to a 2.6 kernel patched with vserver but I
> >> can check on a patched 2.4 kernel with old style patch.
>
> Okay, I have a machine running 2.6 kernel patched with vserver 2.0, so
> what can I help you on 2.6 kernel patched with vserver?
>
> I have tried and succeeded in escaping from vserver's guest by using the
> exploits[2], and failed on the test of testfs.sh script[1], could you
> please do both tests on your 2.4 kernel patched with old style patch to
> confirm this is really a security problem.
>
> [1] http://vserver.13thfloor.at/Stuff/SCRIPT/testfs.sh-0.09
> [2] http://vserver.13thfloor.at/Stuff/rootesc.c

I'm not sure if this is related, but Bertl has found that the util-vserver packages in sarge don't work for most architectures. The util-vserver syscall stuff seems to do a compile-time check if the vserver syscall for a given architecture works, and if it does not, it falls back to the _i386_ syscall number.

Bertl's tests also indicate that this problem still exists in sarge for some architectures. He has put together some of his tests at:
http://vserver.13thfloor.at/Stuff/Debian/ (the util-vserver* files)

If it turns out that this is not related we should probably file a separate bug report about this issue, since it makes the util-vserver package useless on most architectures.

Cheers,
Christian Aichinger