3 Replies. Latest reply: May 15, 2013 10:10 PM by Dude!

OL6-UEK kernel, systemtap, and zero-day exploit - cannot use systemtap

cooldog Newbie
I am attempting to mitigate a zero-day exploit by using systemtap, but I'm unable to get systemtap working.

Info on the exploit is here: https://news.ycombinator.com/item?id=5703758

Here's info on using systemtap to mitigate the problem until a patched kernel is available: https://bugzilla.redhat.com/show_bug.cgi?id=962792#c13

What I'm getting from stap is this:

ERROR: Build-id mismatch: "kernel" vs. "vmlinux" byte 0 (0x89 vs 0xb0) address 0xffffffff8151b0dc rc 0

The running kernel matches the installed debuginfo package (downloaded from https://oss.oracle.com/ol6/debuginfo/).
The Build Ids do actually differ:

[root@vhost6 semtex]# eu-readelf -n /usr/lib/debug/lib/modules/2.6.39-400.17.2.el6uek.x86_64/vmlinux | grep Build
Build ID: 895d49c9c5f19c1dde2c84c009b7e8403d2ab560

[root@vhost6 semtex]# eu-readelf -n /boot/vmlinuz-2.6.39-400.17.2.el6uek.x86_64 | grep Build
Build ID: b085b54a119c8cc75bef84dc9f96b1019692d99f

How can I get systemtap running so I can mitigate this exploit?????

Thanks,
Paul
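
An added example, not part of the original post: a build-ID comparison done directly on raw ELF note data, so the value in a running kernel's notes can be checked against the debuginfo vmlinux before stap is run. It assumes little-endian notes with 4-byte padding; `make_note`, the sample blobs and the idea of feeding it the contents of /sys/kernel/notes are assumptions made for illustration, and the two IDs are the ones quoted in the post.

```python
import struct

NT_GNU_BUILD_ID = 3  # ELF note type carrying the GNU build ID


def _pad4(n):
    """Round n up to the 4-byte alignment used between note fields."""
    return (n + 3) & ~3


def gnu_build_id(notes, endian="<"):
    """Return the GNU build ID (hex) found in a raw notes blob, else None."""
    off = 0
    while off + 12 <= len(notes):
        namesz, descsz, ntype = struct.unpack_from(endian + "III", notes, off)
        off += 12
        desc_off = off + _pad4(namesz)
        desc_end = desc_off + descsz
        if desc_end > len(notes):
            return None  # truncated or corrupt note: refuse to guess
        name = notes[off:off + namesz].rstrip(b"\0")
        if name == b"GNU" and ntype == NT_GNU_BUILD_ID:
            return notes[desc_off:desc_end].hex()
        off = desc_off + _pad4(descsz)  # skip to the next note
    return None


def make_note(name, ntype, desc):
    """Build one note record (hypothetical helper for the constructed samples)."""
    name_z = name + b"\0"
    return (struct.pack("<III", len(name_z), len(desc), ntype)
            + name_z.ljust(_pad4(len(name_z)), b"\0")
            + desc.ljust(_pad4(len(desc)), b"\0"))


def compare(running_notes, debuginfo_notes):
    """Return (match, running_id, debuginfo_id)."""
    a, b = gnu_build_id(running_notes), gnu_build_id(debuginfo_notes)
    return (a is not None and a == b), a, b


# Constructed sample blobs using the two build IDs quoted in the post.
DEBUGINFO_NOTES = make_note(b"GNU", NT_GNU_BUILD_ID, bytes.fromhex(
    "895d49c9c5f19c1dde2c84c009b7e8403d2ab560"))
RUNNING_NOTES = make_note(b"Xen", 1, b"abc") + make_note(  # unrelated note first
    b"GNU", NT_GNU_BUILD_ID,
    bytes.fromhex("b085b54a119c8cc75bef84dc9f96b1019692d99f"))

if __name__ == "__main__":
    print(compare(RUNNING_NOTES, DEBUGINFO_NOTES))
```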
