On Friday 21 August 2009, Thomas Roth wrote: > Hi all, > > while trying to fix the recent kernel vulnerability (CVE-2009-2692) we > found that in most cases, our Lustre 1.6.5.1, 1.6.6 and 1.6.7.2 clients > seemed to be quite well protected, at least against the published > exploit: wunderbar_emporium seems to work, but then the root shell never > appears. Instead, the client freezes, requiring a reset. > Anybody else with such experiences?
One version of an exploit failing is not very comforting. There are several exploits in the wild. > Employing the recommended workaround by setting vm.mmap_min_addr to 4096 > blew up in our face: in particular machines with older kernels not > knowing about mmap_min_addr reacted quite irrationally, such as > segfaulting about every process running on the machine. Crazy things > that should not be possible .... I _think_ you are safe: if (mmap_min_addr > 0 and (kernel >= 2.6.18-128.4.1 and selinux == disabled)) We've rolled out a patched kernel. /Peter > Regards, > Thomas
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Lustre-discuss mailing list [email protected] http://lists.lustre.org/mailman/listinfo/lustre-discuss
