Linux VServer procfs Permission Weakness
Grok Headline matches for Linux VServer procfs Permission Weakness
Re: aterm 0.4.2 tty permission weakness
07/15/2004 03:10 PM Armin Wolfermann (Jul 14 2004)
aterm 0.4.2 tty permission weakness
07/13/2004 06:40 PM Maarten Tielemans (Jul 13 2004)
Re: [security] aterm 0.4.2 tty permission weakness
07/15/2004 05:20 PM lorenzo (Jul 14 2004)
Linux-VServer 1.9.5 (Linux 2.6 Development branch)
03/24/2005 05:25 AM
Linux-VServer allows you to create virtual private
servers and security contexts which operate like a
normal Linux server, but allow many independent
servers to be run simultaneously in one box at
full speed. All services, such as ssh, mail, Web,
and databases, can be started on such a VPS,
without modification, just like on any real
server. Each virtual server has its own user
account database and root password and doesn't
interfere with other virtual servers.
Changes:
A small bug in IPv6 hiding was fixed, a memory
leak in an error path was removed, and a
mysterious double allocation issue in x25 was
fixed. iunlink and barrier update for XFS as well
as the proc/mounts virtualization were corrected.
A new claim/release scheme replaces the double
refcounting. Legacy support was separated, and a
bunch of new limits/accountings were added
(anon_rss, locks, shm, forks). A new ccap that
protects network mounts was added. Compile time
information was added to the proc info.
Linux VServer 1.9.5
03/25/2005 09:18 PM Technology News Daily Mar 26 2005 2:06AM GMT
Linux-VServer 1.00
11/02/2003 02:09 PM A system for running general purpose virtual servers on one box at full speed.
Linux-VServer 0.07 (Experimental)
02/13/2004 07:58 PM A system for running general purpose virtual servers on one box at full speed.
Linux-VServer 1.3.3 (Development)
01/04/2004 01:34 AM A system for running general purpose virtual servers on one box at full speed.
Linux-VServer 1.1.1 (Development)
11/12/2003 05:42 PM A system for running general purpose virtual servers on one box at full speed.
Linux-VServer 1.3.1 (Development)
12/26/2003 03:02 PM A system for running general purpose virtual servers on one box at full speed.
Linux-VServer 1.3.6 (Development)
01/23/2004 07:42 PM A system for running general purpose virtual servers on one box at full speed.
Linux-VServer 1.3.0 (Development)
12/10/2003 11:21 PM A system for running general purpose virtual servers on one box at full speed.
Linux-VServer 1.22 (Stable)
12/13/2003 05:23 PM A system for running general purpose virtual servers on one box at full speed.
Linux-VServer 1.1.3 (Development)
11/16/2003 12:15 AM A system for running general purpose virtual servers on one box at full speed.
Linux-VServer 1.1.4 (Development)
11/18/2003 07:54 PM A system for running general purpose virtual servers on one box at full speed.
Linux Virtual Server/Secure Context procfs shared permissions flaw
07/05/2004 12:44 PM Veit Wahlich (Jul 03 2004)
Solaris-Procfs-0.25
03/19/2003 10:42 PM
Solaris-Procfs-0.24
03/19/2003 10:42 PM
Insecure handling of procfs descriptors in UnixWare 7.1.1, 7.1.3 and Open UNIX 8.0.0 can lead to local privilege escalation.
11/12/2003 01:14 PM advisories(-at-)texonet.com (Nov 12 2003)
"used without permission. please don't sue us."
02/10/2004 02:53 AM A Peanuts (re) Mix.
Permission Marketing
05/24/2002 11:27 AM
SiniS 0.1a (Permission GUI)
08/29/2004 03:47 AM A CVS user access and operations permission tool.
TiVo Gets Permission To Innovate
08/04/2004 01:33 PM While it's good news that the FCC has given TiVo permission to
offer their TiVoToGo service it still raises serious questions about
why any company should need to ask for permission to offer an
innovative service? It sets a bad precedent for the entire industry.
how to implement a permission system in a CMS ?
01/22/2003 06:39 PM I'm currently coding (yet another) content management system with
PHP/MySQL. As any modern CMS, mine got users. Now I need to implement
the 'permissions' system. Basically it's a flag recorded in the
database, allowing or not user 'x' to do action 'y' on the website.
I can see every 'piece of information' in a CMS as an 'element'. That
is, blogs of course, links, files, users, all is recorded in the same
table with a 'type' attribute describing element type and allowing
code to fetch and display correctly the element content.
SiniS alpha (Permission GUI)
06/21/2004 07:36 AM A CVS user access and operations permission tool.
Windows XP SP1 Share Permission Changes
05/25/2004 10:18 PM
Why new US passports can be read without permission
04/14/2005 12:47 PM Cory Doctorow:
Yesterday at the Computers, Freedom and Privacy conference in Seattle,
Ed Felten cornered a State Department Fed who was there to advocate
for passports enabled with RFID chips that will make it possible to
track Americans as they wander the streets of foreign cities, and for
terrorists and crooks to target American citizens by detecting the
signature radio-pulses their passports give off. Ed asked the Fed why
the US needed remotely readable passports, instead of passports with
smart-cards or other "contact-read" technologies in them? The Fed's
responses are hilariously lame:
In the Q&A session, I asked Mr. Moss directly why the decision was
made to use a remotely readable chip rather than one that can only be
read by physical contact. Technically, this decision is nearly
indefensible, unless one wants to be able to read passports without
notifying their owners -- which, officially at least, is not a goal of
the U.S. government's program. Mr. Moss gave a pretty weak answer,
which amounted to an assertion that it would have been too difficult
to agree on a standard for contact-based reading of passports. This
wasn't very convincing, since the smart-card standard could be applied
to passports nearly as-is -- the only change necessary would be to
specify exactly where on the passport the smart-card contacts would
be. The standardization and security problems associated with
contactless cards seem to be much more serious.
After the panel, I discussed this issue with Kenn Cukier of The
Economist, who has followed the development of this technology for a
while and has a good perspective on how we reached the current state.
It seems that the decision to use contactless technology was made
without fully understanding its consequences, relying on technical
assurances from people who had products to sell. Now that the problems
with that decision have become obvious, it's late in the process and
would be expensive and embarrassing to back out. In short, this looks
like another flawed technology procurement program.
Why Does TiVo Need Permission To Innovate?
08/02/2004 04:42 AM A couple weeks ago, we had the story of the MPAA and the NFL trying to
force TiVo to stop its plans to add new features to their devices that
would let a user send a recorded program to another device. While we
discussed why this was a ridiculous move by both the MPAA and the NFL,
a reporter at the Washington Post is now going one step further and
pointing out that the real travesty is the fact that TiVo suddenly
needs to ask permission from the
government to innovate. The ability of companies to continually
innovate and reinvent markets based on free and open competition is
what helps drive this economy. When companies need to ask permission
to add innovative features, and that permission needs to go through
other companies, we're destroying our ability to innovate
competitively. Instead, companies outside of this country will build
new systems with features that consumers actually want, while systems
here are held back by regulations that serve no other purpose than to
protect an adjacent industry that refuses to change with the times.
It's the worst form of protectionism -- since no one will even admit
that it's protectionism. And, like all attempts at protectionism, the
end result will be much worse for those these rules supposedly
protect.
Permission-Free Prison
05/16/2004 07:55 AM Fascinating article by Seymour "Next Pulitzer a-Comin'" Hersh in this
week's New Yorker. It alleges that the abuses at Abu Ghraib happened
because a "special-access program" established by Rumsfeld to
authorize quick-response kill/capture/interrogate operations took hold
there. Hersh does not allege that Rumsfeld knew of or authorized the
particular abuses, only that his program of secret, rough
interrogation enabled them. But it's a far more nuanced article than
I'm letting on. And, of course, it's well-told....
UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : Insecure handling of procfs descriptors in UnixWare can lead to local privilege escalation.
11/12/2003 01:14 PM security_at_sco.com (Nov 12 2003)
Permission-only e-mail scheme says no to spam
04/09/2005 07:58 AM Chicago Tribune Apr 9 2005 11:20AM GMT
IBM DB2 Windows Permission Problems (#NISR05012005F)
01/05/2005 06:39 PM NGSSoftware Insight Security Research (Jan 05 2005)
Unsecure file permission of ZoneAlarm pro.
08/20/2004 04:07 PM Bipin Gautam (Aug 19 2004)
Re: Unsecure file permission of ZoneAlarm pro.
08/27/2004 01:32 PM Bipin Gautam (Aug 22 2004)
Giving and receiving authorization and permission
04/09/2004 04:02 PM We've been exploring the key concepts of identity management as
promulgated by the Open Group in a recent white paper (link below).
Today our topic is authorization and permission management.
Core Technology Exports Need Permission
09/19/2004 04:01 AM Hankooki Sep 19 2004 8:37AM GMT
Intel shows weakness
09/02/2004 04:10 PM ZDNet Sep 2 2004 9:00PM GMT
Serious TCP Weakness Identified (26-Apr-2004; 10.4K)
04/26/2004 09:53 PM
Sales Weakness From InterMune
04/30/2004 01:43 PM Actimmune is stumbling without data to support its use.
Grok Description matches for Linux VServer procfs Permission Weakness
GrokA matches for Linux VServer procfs Permission Weakness