Your message dated Fri, 02 Dec 2005 13:48:05 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#329090: fixed in util-vserver 0.30.209-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 19 Sep 2005 13:45:10 +0000
From: Andrew Lee <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: util-vserver: barrier not working, but chroot escape does
X-Mailer: reportbug 3.17
Date: Mon, 19 Sep 2005 21:45:10 +0800
X-Debbugs-Cc: [EMAIL PROTECTED], [EMAIL PROTECTED],
        Debian Security Team <[EMAIL PROTECTED]>

Package: util-vserver
Version: 0.30.204-5sarge2
Severity: critical
Tags: sarge
Justification: root security hole

Dear Ola,

I found that the util-vserver in sarge cannot pass tests 109 and 121 of the
testfs.sh script[1], which is provided by the upstream author. After more tests,
the upstream author discovered that this is a security hole.

109 verifies that barrier was removed correctly, while 121 checks that
it was set correctly.

This bug is kernel-patch-vserver related; I have filed a bug against
kernel-patch-vserver that you may want to have a look at.

Here is what I did in my tests:
# dd bs=1024k count=1024 if=/dev/zero of=1gb.test
# losetup /dev/loop4 ./1gb.test
# ./testfs.sh -l -t -D /dev/loop4 -M /mnt

[1] http://vserver.13thfloor.at/Stuff/SCRIPT/testfs.sh-0.09

PS. I confirmed that kernel-patch-vserver + linux-source-2.6.12 +
    util-vserver in sid pass the testfs.sh tests.

-- System Information:
Debian Release: 3.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27-10vserver
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages util-vserver depends on:
ii  iproute                     20041019-3   Professional tools to control the 
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  libgcc1                     1:3.4.3-13   GCC support library
ii  libstdc++5                  1:3.3.5-13   The GNU Standard C++ Library v3
ii  net-tools                   1.60-10      The NET-3 networking toolkit

util-vserver recommends no packages.

-- no debconf information

---------------------------------------
Received: (at 329090-close) by bugs.debian.org; 2 Dec 2005 21:51:08 +0000
From: Ola Lundqvist <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#329090: fixed in util-vserver 0.30.209-1
Date: Fri, 02 Dec 2005 13:48:05 -0800

Source: util-vserver
Source-Version: 0.30.209-1

We believe that the bug you reported is fixed in the latest version of
util-vserver, which is due to be installed in the Debian FTP archive:

util-vserver_0.30.209-1.diff.gz
  to pool/main/u/util-vserver/util-vserver_0.30.209-1.diff.gz
util-vserver_0.30.209-1.dsc
  to pool/main/u/util-vserver/util-vserver_0.30.209-1.dsc
util-vserver_0.30.209-1_i386.deb
  to pool/main/u/util-vserver/util-vserver_0.30.209-1_i386.deb
util-vserver_0.30.209.orig.tar.gz
  to pool/main/u/util-vserver/util-vserver_0.30.209.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ola Lundqvist <[EMAIL PROTECTED]> (supplier of updated util-vserver package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri,  2 Dec 2005 17:26:39 +0100
Source: util-vserver
Binary: util-vserver
Architecture: source i386
Version: 0.30.209-1
Distribution: unstable
Urgency: low
Maintainer: Ola Lundqvist <[EMAIL PROTECTED]>
Changed-By: Ola Lundqvist <[EMAIL PROTECTED]>
Description: 
 util-vserver - tools for Virtual private servers and context switching
Closes: 329090 330529 338383
Changes: 
 util-vserver (0.30.209-1) unstable; urgency=low
 .
   * New upstream release.
     This fixes a vserver escape problem on the 2.4 kernel, closes: #329090.
   * Documented that xattrs is needed as a mount option on reiserfs,
     closes: #330529.
   * Remove two files on purge, closes: #338383.
Files: 
 626249ac2bef031d5e9b32efd2d3e89f 771 net optional util-vserver_0.30.209-1.dsc
 5721a959ddcd180e60e4829b5db15e99 769763 net optional util-vserver_0.30.209.orig.tar.gz
 081a879b366b59994f462a7799ba0990 162387 net optional util-vserver_0.30.209-1.diff.gz
 aedd0b22b9096677e496ea9a2dd4ca71 396778 net optional util-vserver_0.30.209-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDkL4vGKGxzw/lPdkRAsYkAJ9TGXPImKTclPz8zpkVgtcBZUD8vQCdHCqt
3ZTGkkjCJDbmFmhh0Lm34co=
=iJxC
-----END PGP SIGNATURE-----

