« Return to Thread: vserver path leak?
vserver path leak?
by Karl Goetz-4
::
Rate this Message:
Hi all,
An email I meant to send some weeks but, but forgot until the other
vserver thread came up.
I'm wondering if this is a security issue worth worrying over.
Situation:
- Host is testing, running 2.6.26-2-vserver-686
- both vservers are running stable
In one vserver I had cd'd into /root/icecat, and built a package. I
decided I wanted the package in the other vserver, so I moved it from
the host system into the /root/ directory in the 2nd vserver.
`mv /var/lib/vservers/autobuilders/root/icecat/ /var/lib/vservers/buildvserver/root/`
when I cd'd out of /root/icecat in the first vserver, I was presented
with something that looked like a combination of both paths:
/var/lib/vservers/autobuilders/lib/vservers/buildvserver
The suggestion in #vserver was "if you manage to get a host path on a
recent (non broken, i.e. non-debian :) kernel and util-vserver, then it
is considered a bug and will be fixed ASAP ... because that basically
means that the namespace isolation is not working properly"
Is this a valid bug? Is there some debianisms involved that could cause
the issues, or is it just another upstream who doesnt like "unoffical"
packages? :)
kk
--
Karl Goetz, (Kamping_Kaiser / VK5FOSS)
Debian contributor / gNewSense Maintainer
http://www.kgoetz.id.au
No, I won't join your social networking group
An email I meant to send some weeks but, but forgot until the other
vserver thread came up.
I'm wondering if this is a security issue worth worrying over.
Situation:
- Host is testing, running 2.6.26-2-vserver-686
- both vservers are running stable
In one vserver I had cd'd into /root/icecat, and built a package. I
decided I wanted the package in the other vserver, so I moved it from
the host system into the /root/ directory in the 2nd vserver.
`mv /var/lib/vservers/autobuilders/root/icecat/ /var/lib/vservers/buildvserver/root/`
when I cd'd out of /root/icecat in the first vserver, I was presented
with something that looked like a combination of both paths:
/var/lib/vservers/autobuilders/lib/vservers/buildvserver
The suggestion in #vserver was "if you manage to get a host path on a
recent (non broken, i.e. non-debian :) kernel and util-vserver, then it
is considered a bug and will be fixed ASAP ... because that basically
means that the namespace isolation is not working properly"
Is this a valid bug? Is there some debianisms involved that could cause
the issues, or is it just another upstream who doesnt like "unoffical"
packages? :)
kk
--
Karl Goetz, (Kamping_Kaiser / VK5FOSS)
Debian contributor / gNewSense Maintainer
http://www.kgoetz.id.au
No, I won't join your social networking group
signature.asc (204 bytes) « Return to Thread: vserver path leak?
| Free embeddable forum powered by Nabble | Forum Help |
