[CentOS] CVE-2013-2094 and CentOS 6.x

Thu May 16 08:41:25 UTC 2013
Peter Kjellström <cap at nsc.liu.se>

On Wednesday 15 May 2013 11:48:14 David C. Miller wrote:
> For those who don't know yet here is the redhat bugzilla on this exploit.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=962792
> 
> Does anyone know if CentOS 6 have the debug packages available to apply the
> temp patch for this listed in the bugzilla link?

An alternative to the somewhat complicated process of getting a full systemtap 
build environment running is to use precompiled modules. I've made mine 
available. Here are pros and cons:

+ only needs the base pkg systemtap-runtime
+ easy to deploy
+ disables perf as long as active (stops the vuln)

- you got to trust me but:
 * I've signed this email with my normal key used previously on the list
 * I included md5sums
- my systemtap fix is more blunt, disables perf_event_open completely
- you need to be running a matching kernel (I built for -358.2.1 and 6.1)
- you can't rename the .ko file

Instructions:
 1) get the .ko file matching your kernel (35821 for -358.2.1, ...)
 2) check the md5sum
 3) insert it with "# staprun -L ./perf_event_blocker_358?1.ko"

 4) (optional) "perf stat true" should now fail with -14
 5) (optionally to disable) "staprun -A" + Ctrl-C

http://www.nsc.liu.se/~cap/perf_event_blocker_35821.ko
http://www.nsc.liu.se/~cap/perf_event_blocker_35861.ko
http://www.nsc.liu.se/~cap/perf_event_blocker.stp

e721fcbdcd1f7616ddd11d41f4909545  perf_event_blocker_35821.ko
a1a9819138bada0a1a7d9c21c6458510  perf_event_blocker_35861.ko
05f0bfd3030db4d4f4deb0fdc71b7fa3  perf_event_blocker.stp

/Peter

-- 
-= Peter Kjellström
-= National Supercomputer Centre
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.centos.org/pipermail/centos/attachments/20130516/f4f2a2ea/attachment-0005.sig>