gmane.linux.vserver
http://permalink.gmane.org/gmane.linux.vserver
hourly11901-01-01T00:00+00:00Gmanehttp://gmane.org/img/gmane-25t.png
http://gmane.org
[build script for wheezy guest]
http://permalink.gmane.org/gmane.linux.vserver/20346
<pre>Hi,
I want to share my simple guest build script for wheezy:
http://linux-vserver.org/Wheezy-guest-build-scripts
If you have any other useful build scritps, share them on the wiki!
cheers,
Serge
</pre>Sergiusz Pawlowicz2013-05-18T22:51:17Re: Zero day privilege escalation exploit for kernels 2.6.37=>3.8.10(CVE-2013-2094)
http://permalink.gmane.org/gmane.linux.vserver/20345
<pre>Hi,
Linux PERF_EVENTS root exploit - CVE-2013-2094 (quick way to fix it)
http://arighi.blogspot.it/2013/05/linux-perfevents-root-exploit-cve-2013.html
Best regards,
</pre>Lukasz Czarnowski2013-05-17T15:04:44Mini-Kernel (was: Zero day privilege escalation exploit for kernels 2.6.37=>3.8.10 (CVE-2013-2094))
http://permalink.gmane.org/gmane.linux.vserver/20344
<pre>Hi Ben
Many thanks for your efforts.
I use your util-veserver packages but I am still currently using the
Debian Squeeze vsserver kernel.
I intend to move away from this kernel during the next phase of the
testing I am doing - either to yours or I will roll my own. It's years
since I needed to compile the kernel and I see that Linux is now about
10 times the size!
One thought occurs to me and I would be interested in the opinions of
others.
Basis is a suitable computer (x86_64) at one of the many server farms
world wide:
1. The base kernel should come from whatever the server supplier
recommends. He knows it supports his hardware, network etc. e.g. a
minimal Squeeze or Wheezy installation will do fine.
2. On this kernel load the kvm modules. Besides supporting the
hardware,lvm and starting one or more kvms this bare-metal kernel does
nothing.
3. Run vservers inside kvm.
This means that the kernel for the vservers can be vastly simplified.
Most of the server configuration is devoted to hardware which</pre>Allan Latham2013-05-17T13:33:52Re: Zero day privilege escalation exploit for kernels 2.6.37=>3.8.10 (CVE-2013-2094)
http://permalink.gmane.org/gmane.linux.vserver/20343
<pre>Quoting Ben Green <ben< at >bristolwireless.net>:
Done, kernels now ready for download from the Psand repositories.
Who'd have thought 3 characters in the whole of the kernels source
code could cause such a fuss. Package and metapackage examples are as
follows:
Package: linux-image-vserver-3.2-beng
Version: 3.2.44-2.3.2.16+squeeze1
Package: linux-image-3.2.44-vs2.3.2.16-beng
Source: linux-source-3.2.44-vs2.3.2.16-beng
Version: 0.2+squeeze1
Note particularly the version number.
Cheers,
Ben
</pre>Ben Green2013-05-17T09:38:03Re: Zero day privilege escalation exploit for kernels 2.6.37=>3.8.10 (CVE-2013-2094)
http://permalink.gmane.org/gmane.linux.vserver/20342
<pre>Quoting Eugen Leitl <eugen< at >leitl.org>:
Interesting thought Eugen, I'll think about that.
In other news, it was not possible to disable CONFIG_PERF_EVENT in the
3.2.44 kernel. There's a build in the Psand repos now that represents
my attempt to do that. You really can't disable it, CONFIG_X86=y turns
it on again, which obviously is something I can't turn off.
I'm rebuilding now with the relevant patch in place, a simple 1 liner.
I'll upload to the Psand repos in the morning.
Cheers,
Ben
</pre>Ben Green2013-05-16T22:12:23Re: Zero day privilege escalation exploit for kernels 2.6.37=>3.8.10 (CVE-2013-2094)
http://permalink.gmane.org/gmane.linux.vserver/20341
<pre>
By the way, thanks for all the work. In case you have a
tip jar, I'm sure your grateful users would contribute.
</pre>Eugen Leitl2013-05-16T11:15:45Re: Zero day privilege escalation exploit for kernels 2.6.37=>3.8.10 (CVE-2013-2094)
http://permalink.gmane.org/gmane.linux.vserver/20340
<pre>Quoting Sergiusz Pawlowicz <sergiusz< at >pawlowicz.name>:
I'm still rolling kernels for Precise Pangolin.
Cheers,
Ben
</pre>Ben Green2013-05-16T10:58:13Re: Zero day privilege escalation exploit for kernels 2.6.37=>3.8.10 (CVE-2013-2094)
http://permalink.gmane.org/gmane.linux.vserver/20339
<pre>great, please remember about ubuntu kernels as well, ben!
s.
</pre>Sergiusz Pawlowicz2013-05-16T10:40:27Re: Zero day privilege escalation exploit for kernels 2.6.37=>3.8.10 (CVE-2013-2094)
http://permalink.gmane.org/gmane.linux.vserver/20338
<pre>Quoting Jean Weisbuch <jean< at >phpnet.org>:
The next version will have that config re-enabled. I'll do this when
there's a mainline kernl and a Linux-vserver patch available.
Anyone who wants to use perf in the mean time will need to stick with
the older kernel.
Cheers,
Ben
</pre>Ben Green2013-05-16T10:31:45Re: Zero day privilege escalation exploit for kernels 2.6.37=>3.8.10 (CVE-2013-2094)
http://permalink.gmane.org/gmane.linux.vserver/20337
<pre>Hi,
Thanks for the quick response.
About the PERF_EVENTS, I dont think that disabling it in the long run is
the best operation as perf is a very powerful and useful tool.
Regards,
*Jean Weisbuch*
System and Network Administrator | *Predictys* | _www.predictys.fr
<http://www.predictys.fr/>_
Le 16/05/2013 10:50, Ben Green a écrit :
</pre>Jean Weisbuch2013-05-16T09:03:14Re: Zero day privilege escalation exploit for kernels 2.6.37=>3.8.10 (CVE-2013-2094)
http://permalink.gmane.org/gmane.linux.vserver/20336
<pre>Quoting Sergiusz Pawlowicz <sergiusz< at >pawlowicz.name>:
I'm re-compiling without CONFIG_PERF_EVENTS right now.
Cheers,
Ben
</pre>Ben Green2013-05-16T08:50:40Re: Zero day privilege escalation exploit for kernels 2.6.37=>3.8.10 (CVE-2013-2094)
http://permalink.gmane.org/gmane.linux.vserver/20335
<pre>
do we need PERF_EVENTS in the kernel at all? i would recon to remove it.
s.
</pre>Sergiusz Pawlowicz2013-05-14T23:51:19Re: Zero day privilege escalation exploit for kernels 2.6.37=>3.8.10 (CVE-2013-2094)
http://permalink.gmane.org/gmane.linux.vserver/20334
<pre>Quoting Sergiusz Pawlowicz <sergiusz< at >pawlowicz.name>:
Should I be re-compiling with 3.2.44 right now, or should I wait for a
patch/mainline fix?
This I'll start compiling anyway!
Cheers,
Ben
</pre>Ben Green2013-05-14T23:30:27Re: Zero day privilege escalation exploit for kernels 2.6.37=>3.8.10 (CVE-2013-2094)
http://permalink.gmane.org/gmane.linux.vserver/20333
<pre>on 3.2.42-vs2.3.2.16-beng if you run semtex.c in a guest with VIRT_MEM
- server is being restarted at once, but no root.
s.
</pre>Sergiusz Pawlowicz2013-05-14T22:49:53Re: Zero day privilege escalation exploit for kernels 2.6.37=>3.8.10 (CVE-2013-2094)
http://permalink.gmane.org/gmane.linux.vserver/20332
<pre>ps: this very exploit can be blocked by setting the sysctl
kernel.perf_event_paranoid value to 2.
Le 15/05/2013 00:04, Jean Weisbuch a écrit :
</pre>Jean Weisbuch2013-05-14T22:10:18Zero day privilege escalation exploit for kernels 2.6.37=>3.8.10 (CVE-2013-2094)
http://permalink.gmane.org/gmane.linux.vserver/20331
<pre>Hi,
The semtex.c exploit released today permit any user on the host to gain
root privileges, i confirm that it works on a 3.2.42-vs2.3.2.16-beng
kernel but it doesnt work (at least not "out of the box") on a VServer
guest with "normal" capabilities/flags used.
Note that the exploit must be compiled with -O2 in order to work.
More infos and the exploit code :
http://packetstormsecurity.com/files/121616/semtex.c
Regards,
Jean Weisbuch
</pre>Jean Weisbuch2013-05-14T22:04:15RE: AW: Ubuntu question
http://permalink.gmane.org/gmane.linux.vserver/20330
<pre>That's what happens when speed-answering e-mails before weekend: attachment was missing.
So here it is.
</pre>Fiedler Roman2013-05-10T15:34:37AW: AW: Ubuntu question
http://permalink.gmane.org/gmane.linux.vserver/20329
<pre>
You can find the two main scripts and a config template attached. The "BuildVserver..." is executed from outside, the "Init.." is one of te first to be executed inside the vserver.
Roman
</pre>Fiedler Roman2013-05-10T15:30:27Re: Upstart advice for Ubuntu Precise
http://permalink.gmane.org/gmane.linux.vserver/20328
<pre>
i would love to but as all services now run under upstart and that the
next LTS will surely have issue there i think we will have bigger issue
if we stick to a systeme that is no longer used by the creator of this
linux distro. I am fairly new to ubuntu and upstart adn allready managed
to crash my test server so i rebuild everythign and try again, we will
see if it works. The funny thing is that upstart seem to have some lxc
thingy perhaps we can use that for vserver too.
If there is no way then there is no way :p
Ghislain.
</pre>Ghislain2013-05-10T14:32:02Re: Ubuntu question
http://permalink.gmane.org/gmane.linux.vserver/20327
<pre>Le 09/05/2013 06:42, Sandino Araico Sánchez a écrit :
thanks, will continue to test and try to update the wiki with my findings :)
Ghislain.
</pre>Ghislain2013-05-09T22:53:08Re: AW: Ubuntu question
http://permalink.gmane.org/gmane.linux.vserver/20326
<pre>Le 09/05/2013 16:25, Ghislain a écrit :
well with this it seems to work:
vserver testubuntu \
build --i-know-its-there --force -m debootstrap --context 40999
--hostname testubuntu.whatever.net -- \
-d precise -m http://ftp.free.fr/mirrors/ftp.ubuntu.com/ubuntu/ -- \
--components=main,universe --arch=amd64 --include=nano,rsync,sudo,vim,tcsh ;
playing with it now and it runs, i had to
echo 'plain' > /etc/vservers/testubuntu/apps/init/style
like the upstart page says.
more tests to come, i don't know what make me failed the first time,
perhaps the universe thing as i use special defaults where packages are
not included in the main repository.
Regards,
Ghislain.
</pre>Ghislain2013-05-09T22:51:55Search EngineSearch the mailing list at Gmanequery
http://search.gmane.org/?group=$group=gmane.linux.vserver