Re: local root exploit




Akemi Yagi wrote:
> On Feb 11, 2008 10:52 AM, Scott McClanahan
> <scott.mcclanahan@xxxxxxxxxxxx> wrote:
>> On Mon, 2008-02-11 at 10:45 -0800, Akemi Yagi wrote:
>>> We have to wait and see, but my impression is that the nfs fix would
>>> not be in the updated kernel (I hope I am wrong).  They are talking
>>> about getting it into 5.2 (even possibly into 5.3).  I can see that
>>> this is a problem.  Now, we cannot "stay with 53.1.4"  on the systems
>>> where the local root exploit is a serious problem.
>>>
>>> Akemi
>>
>> Yes, until now we had no problem stalling on 53.1.4.  I guess we'll have
>> to test how bad the nfs performance degradation actually is under a
>> heavy load in our environment.
>
> Good news!  CentOS is going to offer the updated kernel (-53.1.13)
> with the nfs patch applied -- thanks to Johnny Hughes.  Let's wait to
> hear from him.
>
> Akemi

There is a kernel that matches upstream and it is released to the centos-5 tree and available via the normal yum updates.

It is patched for this root exploit issue, but the NFS is still broken per this bug:

https://bugzilla.redhat.com/show_bug.cgi?id=321111

SO ... there are kernels available here (that you will need to manually install) which SHOULD fix this root exploit AND work with NFS:

http://people.centos.org/~hughesjr/kernel/5/

This is a testing kernel ... it seems to work for me and has passed testing on several other CentOS servers ... and it has a backported patch from the 2.6.18-80.el5 testing upstream RHEL server.

Each person who wants to use this needs to test it first for themselves ... if it breaks your machine you get to keep all pieces :D

I will also be rolling this same NFS patch into the centosplus kernel for centos-5 which is currently building.

Thanks,
Johnny Hughes


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
