在 2005/10/2 上午 5:52 時,Ola Lundqvist 寫到:
I have now tested on one of my systems and that I have a security
problem there.
On the other system (2.4.26 + grsec) the problem do not exist. So
I'm not
sure if I can confim or deny this.
How did you tested and found what kind of security problem?
I assume you found you couldn't pass the test 109,121 of testfs.sh
script, right?
Let me quote the explanation from upstream:
<quote>
23:51 < Bertl> 109 and 121 indicate that the barrier is not working ...
23:52 < Bertl> -> minor issue with namespaces, major chroot security
issue with
legacy guests
</quote>
It would be really good if you could install the sarge util-vserver
on the
sid kernel-patch-vserver + linux-source-2.6.12 system to see if
this is a
problem with util-vserver or with the kernel patches.
I tested that several days ago, I was upgraded kernel on my system
first and then I got the same fails from the test of testfs.sh script
again.
I have upgraded to 0.30.208-2, I still got the same fails on i386,
but no errors on powerpc after I rebuilt the util-vserver package
from source.
Here is how I did the test and what I got on an i386 machine:
# testfs.sh -l -t -D /dev/loop4 -M /mnt
Linux-VServer FS Test [V0.09] Copyright (C) 2005 H.Poetzl
Linux 2.6.12-6vs2-p4smp i686/0.30.208
VCI: 0002:0001 273 03000076 (ugid24)
---
testing ext2 filesystem ...
[000]. xattr related tests ...
[101]. [102]. [103]* [104]* [106]. [108]. [109]*
[112]. [113]* [114]* [115]. [116]. [117]. [118]. [119]*
[121]* [122]* [123]* [124]* [199].
---
testing ext3 filesystem ...
[000]. xattr related tests ...
[101]. [102]. [103]* [104]* [106]. [108]. [109]*
[112]. [113]* [114]* [115]. [116]. [117]. [118]. [119]*
[121]* [122]* [123]* [124]* [199].
---
testing xfs filesystem ...
[000]* (xfs format failed)
---
testing reiser filesystem ...
[000]* (reiser format failed)
---
testing jfs filesystem ...
[000]* (jfs format failed)
-Andrew
