Menu
▾
▴
[SD4L-devel] ScramDisk for Linux 1.0-1 released
|
From: Hans-Ulrich J. <han...@t-...> - 2007-04-15 15:05:56
|
Hello, the stable version 1.0-1 of ScramDisk for Linux has been released. It fixes two vulnerabilities by which a normal user could obtain root privileges. Now, for normal users, containers are mounted in a way such that the execution of programs with setuid-bit from within the container is inhibited. Moreover, version 1.0-1 forbids mounting a container on a mount point to which the user has no write access. This is so, because otherwise a normal user could mount his container over a system directory and thereby replace system files with his own ones. We advise every user of SD4L to update to version 1.0-1. As version 1.0-0, version 1.0-1 opens and creates TrueCrypt containers as well as ScramDisk containers. The supported format of TrueCrypt containers is that of TrueCrypt version 4.1 or later using the LRW mode. Moreover, ScramDisk 1.0-1 can encrypt devices such as partitions on a hard disk or storage media entirely without indirection by a container file. Packages for Debian 3.1 (Sarge) and 4.0 (Etch), Ubuntu 6.06 and 6.10, Fedora Core5 and Core6 and SUSE 9.3, 10.0, 10.1 and 10.2 are provided for i386 and AMD64 architectures. Best regards Ulrich |
