On Tue, 25 Oct 2016 17:21:54 -0700 Akemi Yagi amyagi@gmail.com wrote:
On Tue, Oct 25, 2016 at 10:26 AM, Leon Fauster leonfauster@googlemail.com wrote:
Am 25.10.2016 um 15:39 schrieb Peter Kjellström cap@nsc.liu.se:
On Tue, 25 Oct 2016 10:06:12 +0200 Christian Anthon anthon@rth.dk wrote:
What is the best approach on centos 6 to mitigate the problem is officially patched? As far as I can tell Centos 6 is vulnerable to attacks using ptrace.
I can confirm that c6 is vulnerable, we're running a patched kernel (local build) using a rhel6 adaptation of the upstream fix.
Ask off-list if you want an src.rpm
Hi Peter, can you confirm that its this?
That is for the EL-7.2 kernel. Peter was offering a patch for CentOS 6.
RH released the patched kernel for EL-6.8 today. I have attached the diff file between 2.6.32-642.6.1.el6 and 2.6.32-642.6.2.el6. It is more complex because the 6 kernel is older, so required more mods, I suppose. Maybe that was the reason why the EL-6 update took longer than EL-7.
We also did a quick diff for the official c6 patch and it's almost but not quite what we were using as a quick fix.
/Peter