[Lustre-discuss] Lustre and kernel vulnerability CVE-2009-2692
Thomas Roth
t.roth at gsi.de
Fri Aug 21 09:41:01 PDT 2009
Hi all,
while trying to fix the recent kernel vulnerability (CVE-2009-2692) we
found that in most cases, our Lustre 1.6.5.1, 1.6.6 and 1.6.7.2 clients
seemed to be quite well protected, at least against the published
exploit: wunderbar_emporium seems to work, but then the root shell never
appears. Instead, the client freezes, requiring a reset.
Anybody else with such experiences?
Employing the recommended workaround by setting vm.mmap_min_addr to 4096
blew up in our face: in particular machines with older kernels not
knowing about mmap_min_addr reacted quite irrationally, such as
segfaulting about every process running on the machine. Crazy things
that should not be possible ....
Regards,
Thomas
More information about the lustre-discuss
mailing list