[EMAIL PROTECTED] (Benedikt Böhm) writes: > With regard to the /dev/pts issue on "vserver <name> enter" i have ported > the vlogin application from vserver-utils to util-vserver-0.30.210
Mmmh... without looking at the complete code, doing operations in the shown order is insecure: > + if (vc_ctx_migrate(opts.xid) == -1) > + PEXIT("Failed to migrate to context", EXIT_COMMAND); > + ... > + if (chroot(".") == -1) > + PEXIT("Failed to chroot to cwd", EXIT_COMMAND); Attacker in context could ptrace the process between both commands and would get access to the host's /-filesystem. Enrico
pgpTK4aq2QmLx.pgp
Description: PGP signature
_______________________________________________ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver