CentOS kernel security exploit | RHEL 2.6.32.X | 15 May 2013

[---]

سلام

شرکت BetterLinuxTM امروز برای من ایمیلی رو با عنوان CentOS kernel security exploit ارسال کرده که بنده عین ایمیل رو براتون نقل قول میکنم .

Dear BetterLinux Beta Customer,


A vulnerability has been discovered in stock CentOS and RHEL 2.6.32.X kernels (and consequently in the BetterLinux kernel) that requires an immediate security response. While we wait for upstream vendors to address the issue, please use this temporary work-around to secure your systems:
Using the

کد:

sysctl

utility, alter the the

کد:

perf_event_paranoid

variable. In part, this variable determines whether you:

1. Disallow cpu events for unprivileged users
2. Disallow kernel profiling for unprivileged users

Choose option 2, which essentially makes the

کد:

perf

system usable only by root:

کد:

sysctl kernel.perf_event_paranoid=2

Unfortunately, this variable resets upon reboot. Here are three responses to that inconvenience:

1. Manually change the variable after every boot
2. Add the
   کد:

   sysctl

   instruction into a system RC script, OR
3. Simply add the instruction into
   کد:

   /etc/sysctl.conf

   .

Redhat is now testing a fix, and CentOS will not be far behind. We apologize for any inconvenience.

The BetterLinux Team

[nginxweb]

ضمن تشکر

لینک مرنبط:

https://www.centos.org/modules/newbb...42827&forum=59