On Wednesday 15 May 2013 11:48:14 David C. Miller wrote: > For those who don't know yet here is the redhat bugzilla on this exploit. > > https://bugzilla.redhat.com/show_bug.cgi?id=962792 > > Does anyone know if CentOS 6 have the debug packages available to apply the > temp patch for this listed in the bugzilla link? An alternative to the somewhat complicated process of getting a full systemtap build environment running is to use precompiled modules. I've made mine available. Here are pros and cons: + only needs the base pkg systemtap-runtime + easy to deploy + disables perf as long as active (stops the vuln) - you got to trust me but: * I've signed this email with my normal key used previously on the list * I included md5sums - my systemtap fix is more blunt, disables perf_event_open completely - you need to be running a matching kernel (I built for -358.2.1 and 6.1) - you can't rename the .ko file Instructions: 1) get the .ko file matching your kernel (35821 for -358.2.1, ...) 2) check the md5sum 3) insert it with "# staprun -L ./perf_event_blocker_358?1.ko" 4) (optional) "perf stat true" should now fail with -14 5) (optionally to disable) "staprun -A" + Ctrl-C http://www.nsc.liu.se/~cap/perf_event_blocker_35821.ko http://www.nsc.liu.se/~cap/perf_event_blocker_35861.ko http://www.nsc.liu.se/~cap/perf_event_blocker.stp e721fcbdcd1f7616ddd11d41f4909545 perf_event_blocker_35821.ko a1a9819138bada0a1a7d9c21c6458510 perf_event_blocker_35861.ko 05f0bfd3030db4d4f4deb0fdc71b7fa3 perf_event_blocker.stp /Peter -- -= Peter Kjellström -= National Supercomputer Centre -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: <http://lists.centos.org/pipermail/centos/attachments/20130516/f4f2a2ea/attachment-0005.sig>