Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 56171 - sys-kernel/vserver-sources Context procfs shared permissions flaw
Summary: sys-kernel/vserver-sources Context procfs shared permissions flaw
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: [ Upstream ]
Depends on:
Reported: 2004-07-05 14:02 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2011-10-30 22:42 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-07-05 14:02:50 UTC

While auditing and experimenting with VServer procfs and vproc security
we discovered a problem sharing permissions on the procfs mounted

Within any context users are still able to change permissions on /proc,
both access permission and ownership. That is just fine as many people
would like to restrict access to /proc to the root user or a group of
trusted users.

But as changes to a procfs mountpoint do not apply to the mountpoint
itself but to procfs in general, these changes affect all contexts
(VServers) and even the host system.

All tests were done against the stable branch (1.2x) but regarding to
Herbert Poetzl, the problem exists on both devel branches (1.3.x,
1.9.x), too.

Version 1.28 (stable branch) resolves this problem.
Comment 1 Tim Yamin (RETIRED) gentoo-dev 2004-07-07 11:23:24 UTC
I'm waiting for the upstream VServer depelopers to release a fixed version of the 1.3 branch, I'll add it in when they do...
Comment 2 Tim Yamin (RETIRED) gentoo-dev 2004-07-09 06:15:23 UTC
Removed the development branch and added in 1.28; closing this bug as FIXED. I'll address this issue in the next batch of kernel announcements...