[CentOS] CVE-2013-2094 and CentOS 6.x
Peter Kjellström
cap at nsc.liu.se
Thu May 16 08:41:25 UTC 2013
On Wednesday 15 May 2013 11:48:14 David C. Miller wrote:
> For those who don't know yet here is the redhat bugzilla on this exploit.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=962792
>
> Does anyone know if CentOS 6 have the debug packages available to apply the
> temp patch for this listed in the bugzilla link?
An alternative to the somewhat complicated process of getting a full systemtap
build environment running is to use precompiled modules. I've made mine
available. Here are pros and cons:
+ only needs the base pkg systemtap-runtime
+ easy to deploy
+ disables perf as long as active (stops the vuln)
- you got to trust me but:
* I've signed this email with my normal key used previously on the list
* I included md5sums
- my systemtap fix is more blunt, disables perf_event_open completely
- you need to be running a matching kernel (I built for -358.2.1 and 6.1)
- you can't rename the .ko file
Instructions:
1) get the .ko file matching your kernel (35821 for -358.2.1, ...)
2) check the md5sum
3) insert it with "# staprun -L ./perf_event_blocker_358?1.ko"
4) (optional) "perf stat true" should now fail with -14
5) (optionally to disable) "staprun -A" + Ctrl-C
http://www.nsc.liu.se/~cap/perf_event_blocker_35821.ko
http://www.nsc.liu.se/~cap/perf_event_blocker_35861.ko
http://www.nsc.liu.se/~cap/perf_event_blocker.stp
e721fcbdcd1f7616ddd11d41f4909545 perf_event_blocker_35821.ko
a1a9819138bada0a1a7d9c21c6458510 perf_event_blocker_35861.ko
05f0bfd3030db4d4f4deb0fdc71b7fa3 perf_event_blocker.stp
/Peter
--
-= Peter Kjellström
-= National Supercomputer Centre
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.centos.org/pipermail/centos/attachments/20130516/f4f2a2ea/attachment.sig>
More information about the CentOS
mailing list