Forum OpenACS Q&A: Re: Beware the latest kernel upgrade

Posted by Mike Sisk on

To be more specific, this is the ptrace local root hole patch for Linux that was discussed yesterday in various places including Slashdot.

In our case, we're using Red Hat and this affects our 7.2, 7.3, and 8.0 systems.

One effect of this patch is a subtle change in the way the kernel reports the status of child processes.

Example:

On an unpatched kernel (2.4.18-26.7.x):

# ps -efwww | grep nsd | grep tufte

nsadmin   1410  1378  0 Mar18 ?        00:00:00 /export/nsd3.3+ad13/bin/nsd -u nsadmin -g users -s tufte -it /export/nsd3.3+ad13/tufte.tcl

On the system with the patch (2.4.18-27.7.x):


# ps -efwww | grep nsd | grep tufte

nsadmin   1410  1378  0 Mar18 ?        00:00:00 [nsd]

The ps and top commands on Linux gather their info from /proc. If you cat out the /proc/pid#/cmdline of a child process in a patched kernel you'll find it null, whereas before it reported the command line arguments for this process.

This is a problem for us on a shared server where there are many ACS and/or OpenACS instances running--the keepalive scripts depend on being able to read the arguments passed to nsd to determine which site is running on a particular process id.

It's unclear to me if this behaviour is an expected result of this bug fix--I'm not too familiar with this part of the Linux kernel and I don't totally understand this particular exploit, either. But I have seen some discussion on the kernel lists about the fix and other folks having similar problems.
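
The keepalive lookup described in the post, written so that an empty /proc/<pid>/cmdline is reported separately from a dead process. This is an added example, not part of the original post or of any ACS/OpenACS script; the function names, return codes and the optional PROC_ROOT argument are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. PROC_ROOT defaults to /proc and is
# a parameter only so the functions can be run against a constructed tree.

# nsd_server_for_pid PID [PROC_ROOT]
# Prints the value following "-s" in the process's argv.
# Returns: 0 found, 1 no such process, 2 cmdline empty, 3 no -s argument.
nsd_server_for_pid() {
    _f="${2:-/proc}/$1/cmdline"
    [ -r "$_f" ] || return 1
    # cmdline holds argv as NUL-terminated strings; put one argument per line.
    _args=$(tr '\0' '\n' < "$_f")
    # Empty content is the symptom shown in the post ("[nsd]" in ps output).
    [ -n "$_args" ] || return 2
    _srv=$(printf '%s\n' "$_args" | awk 'prev == "-s" { print; exit } { prev = $0 }')
    [ -n "$_srv" ] || return 3
    printf '%s\n' "$_srv"
}

# keepalive_status SERVER PID [PROC_ROOT]
# Prints "up", "down" or "unknown". "unknown" means the process exists but
# cannot be identified from /proc, so the caller should not restart blindly.
keepalive_status() {
    _rc=0
    _found=$(nsd_server_for_pid "$2" "${3:-/proc}") || _rc=$?
    case $_rc in
        0) if [ "$_found" = "$1" ]; then echo up; else echo down; fi ;;
        2) echo unknown ;;
        *) echo down ;;
    esac
}
```

A keepalive script that treats "unknown" as "down" would restart every instance on a patched kernel, so the third state is the part that matters on a shared server.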