Description Sune Kloppenborg Jeppesen (RETIRED) 2004-07-05 14:02:50 UTC

Description|
-----------+

While auditing and experimenting with VServer procfs and vproc security
we discovered a problem sharing permissions on the procfs mounted
directories:

Within any context users are still able to change permissions on /proc,
both access permission and ownership. That is just fine as many people
would like to restrict access to /proc to the root user or a group of
trusted users.

But as changes to a procfs mountpoint do not apply to the mountpoint
itself but to procfs in general, these changes affect all contexts
(VServers) and even the host system.

All tests were done against the stable branch (1.2x) but regarding to
Herbert Poetzl, the problem exists on both devel branches (1.3.x,
1.9.x), too.

Version 1.28 (stable branch) resolves this problem.