Hello,
the stable version 1.0-1 of ScramDisk for Linux has been released.
It fixes two vulnerabilities by which a normal user could obtain
root privileges. Now, for normal users, containers are mounted in
a way such that the execution of programs with setuid-bit from
within the container is inhibited. Moreover, version 1.0-1 forbids
mounting a container on a mount point to which the user has no
write access. This is so, because otherwise a normal user could
mount his container over a system directory and thereby replace
system files with his own ones. We advise every user of SD4L to
update to version 1.0-1.
As version 1.0-0, version 1.0-1 opens and creates TrueCrypt
containers as well as ScramDisk containers. The supported format
of TrueCrypt containers is that of TrueCrypt version 4.1 or later
using the LRW mode. Moreover, ScramDisk 1.0-1 can encrypt devices
such as partitions on a hard disk or storage media entirely
without indirection by a container file.
Packages for Debian 3.1 (Sarge) and 4.0 (Etch), Ubuntu 6.06
and 6.10, Fedora Core5 and Core6 and SUSE 9.3, 10.0, 10.1
and 10.2 are provided for i386 and AMD64 architectures.
Best regards
Ulrich
|
