Bug#329087: kernel-patch-vserver: be able to do chroot escape

2005-10-09 Thread micah
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > Can confirm this. Works on debian kernel 2.4.27 with applied patch: > Virtual private servers and security contexts (vserver), from package > kernel-patch-ctx, version 2:1.2.10-1 What debian kernel-source revision are you using? Also, you are usi

Bug#329087: kernel-patch-vserver: be able to do chroot escape

2005-10-06 Thread Alexei Chetroi
Hi, Can confirm this. Works on debian kernel 2.4.27 with applied patch: Virtual private servers and security contexts (vserver), from package kernel-patch-ctx, version 2:1.2.10-1 http://vserver.13thfloor.at/Stuff/rootesc.c exploit works. I'm able to escape chroot and access filesystem at

Bug#329087: kernel-patch-vserver: be able to do chroot escape

2005-09-30 Thread Andrew Lee
Dear Micah, Thank you for your replies, I merged the three replies in one here for you. :) 在 2005/9/30 上午 5:36 時,Micah 寫到: Please tell me how you run this script and what failures you get, also this is a destructive test, correct? The test require a loopback file or an empty partition, I

Bug#329087: kernel-patch-vserver: be able to do chroot escape

2005-09-29 Thread Micah
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 When I said this: >This is not what I get on my i386 system: ># showattr -d /var/lib/vservers//.. >- ---bui- /big/vservers//.. This was expected because this was actually a symlink, if I perform the showattr on the actual directory I get this

Bug#329087: kernel-patch-vserver: be able to do chroot escape

2005-09-29 Thread Micah
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Micah wrote: >>>ssh into a guest and then starting the root exploit[2] inside a guest now >>>gives: Exploit seems to work. =) > > > sshing into a guest on my system and running that root exploit gives: > mkdir baz: Permission denied > chroot baz:

Processed: Re: Bug#329087: kernel-patch-vserver: be able to do chroot escape

2005-09-29 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: > tag 329087 +moreinfo Bug#329087: kernel-patch-vserver: be able to do chroot escape Tags were: sarge Tags added: moreinfo > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system adminis

Bug#329087: kernel-patch-vserver: be able to do chroot escape

2005-09-29 Thread Micah
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 tag 329087 +moreinfo thanks Andrew Lee wrote: > I found the kernel-patch-vserver and util-vserver in sarge can not pass > the testfs.sh script[1] which provide by upstream author. Please tell me how you run this script and what failures you get, al

Bug#329087: kernel-patch-vserver: be able to do chroot escape

2005-09-19 Thread Andrew Lee
Package: kernel-patch-vserver Severity: critical Tags: sarge Justification: root security hole Dear maintainer(s), I found the kernel-patch-vserver and util-vserver in sarge can not pass the testfs.sh script[1] which provide by upstream author. After some more tests, upstream author discoveryed t