3 Replies Latest reply: May 16, 2013 12:10 AM by Catch-22 RSS

    OL6-UEK kernel, systemtap, and zero-day exploit - cannot use systemtap

      I am attempting to mitigate a zero-day exploit by using systemtap, but I'm unable to get systemtap working.

      Info on the exploit is here: [https://news.ycombinator.com/item?id=5703758|https://news.ycombinator.com/item?id=5703758]

      Here's info on using systemtap to mitigate the problem until a patched kernel is available: [https://bugzilla.redhat.com/show_bug.cgi?id=962792#c13|https://bugzilla.redhat.com/show_bug.cgi?id=962792#c13]

      What I'm getting from stap is this:

      ERROR: Build-id mismatch: "kernel" vs. "vmlinux" byte 0 (0x89 vs 0xb0) address 0xffffffff8151b0dc rc 0

      The running kernel matches the installed debuginfo package (downloaded from https://oss.oracle.com/ol6/debuginfo/).
      The Build Ids do actually differ:

      [root@vhost6 semtex]# eu-readelf -n /usr/lib/debug/lib/modules/2.6.39-400.17.2.el6uek.x86_64/vmlinux | grep Build
      Build ID: 895d49c9c5f19c1dde2c84c009b7e8403d2ab560

      [root@vhost6 semtex]# eu-readelf -n /boot/vmlinuz-2.6.39-400.17.2.el6uek.x86_64 | grep Build
      Build ID: b085b54a119c8cc75bef84dc9f96b1019692d99f

      How can I get systemtap running so I can mitigate this exploit?????