[CentOS] Heads up on local root escalation

Tue May 13 06:41:38 UTC 2014
James Hogarth <james.hogarth at gmail.com>

On 12 May 2014 22:15, "Keith Keller" <kkeller at wombat.san-francisco.ca.us>
wrote:
> Actually, I was wondering about mitigation along the lines of
> blacklisting a module, tuning a sysctl parameter, or some other
> mitigation that wouldn't require a new kernel.  Perhaps such mitigation
> isn't even possible with this issue.
>

Yeah I've not seen any mitigations that would work for CentOS.

I wonder if a systemtap module would be feasible like that one a few months
or so ago.

For the time being I guess that doubly vigilant is important.