Will installing and running ksplice interfere or cause issues with cPanel?
I assume not as you are sort of promoting it; just making sure.
Will it be effective if we temporary disable auto update cpanel and apply patch to disable 32bits binaries till official fix released from RH for Centos ?
Does anyone know how to undo this patch? I've been looking, I have my DC's admins looking, and we're all baffled at what we're seeing.
If you need to remove the path, run the following command as the root user to restore the default:
echo -1 > /proc/sys/fs/binfmt_misc/32bits
I removed the patch - the CloudLinux server was formally patched with KSplice, and the older servers were about to be replaced anyway and there's some debate as to whether it affects my kernel on those servers because they've been around a while.If you're having a problem with this, I'm sure cPanel wants to know about it. I suggest a ticket be put in and link them to this thread in the ticket.
For anyone who needs it, it's:
from https://access.redhat.com/kb/docs/DOC-40265If you need to remove the mitigation, run the following command as the root
user to restore the default behavior (and remove the above changes to
/etc/rc.local if made):
# echo -1 > /proc/sys/fs/binfmt_misc/32bits
Someone else can have their clients scream at them while they jockey with the temporary patch and cPanel support. I'm going to concentrate moving those servers to new CL boxes asap.
As always, we're happy to help at firstname.lastname@example.org with any questions.
You can disable the mitigation by running the following command as root:
If that doesn't work and you think that this issue is related to Ksplice, please contact us at email@example.com and we will help investigate and correct the issue.Code:# echo -1 > /proc/sys/fs/binfmt_misc/32bits
You are indeed correct. My admin used the RH patch.
Sounds stupid but, The easiest option is to wait for the vendor update rather than the patch, People with WHM who used the patch have MASSIVE issues, I tested on one box and I could not get the mysql and such to stay online.
I disabled ALOT of php functions to tighten some things up till the new kernal comes out, Centos has released a newer version but I have not tested this yet:
Taken from there testing repository ( beta but no exploits found so far )
Now to wait it out there is a risk, But you also take a risk by applying patches.