on 2/13/2008 6:52 AM Johnny Hughes spake the following:
I soo love that last line! I could just imagine someone like Jack Nicholson saying it in a movie.Akemi Yagi wrote:On Feb 11, 2008 10:52 AM, Scott McClanahan <scott.mcclanahan@xxxxxxxxxxxx> wrote:On Mon, 2008-02-11 at 10:45 -0800, Akemi Yagi wrote:We have to wait and see, but my impression is that the nfs fix would not be in the updated kernel (I hope I am wrong). They are talking about getting it into 5.2 (even possibly into 5.3). I can see that this is a problem. Now, we can not "stay with 53.1.4" on the systems where the local root exploit is a serious problem. AkemiYes, until now we had no problem stalling on 53.1.4. I guess we'll have to test how badly the nfs performance degradation actually is under a heavy load in our environment.Good news! CentOS is going to offer the updated kernel (-53.1.13) with the nfs patch applied -- thanks to Johnny Hughes. Let's wait to hear from him. AkemiThere is a kernel that matches upstream and it is released to the centos-5 tree and available via the normal yum updates.It is patched for this root exploit issue, but the NFS is still broken per this bug:https://bugzilla.redhat.com/show_bug.cgi?id=321111SO ... there are kernels available here (that you will need to manually install) which SHOULD fix this root exploit AND work with NFS:http://people.centos.org/~hughesjr/kernel/5/This is a testing kernel ... it seems to work for me and has passed testing on several other CentOS servers ... and it has a backported patch from the 2.6.18-80.el5 testing upstream RHEL server.Each person who wants to use this needs to test it first for themselves ... if it breaks your machine you get to keep all pieces :D
-- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!!
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
