PS: Using the same exploit I distributed, I was still able to exploit the vulnerability on my Ubuntu 9.04 box with CONFIG_CC_STACKPROTECTOR=y and CONFIG_CC_STACKPROTECTOR_ALL=y. At first I simply enabled the option and recompiled, saw that the exploit still worked -- so I thought perhaps it was a fluke and recompiled the entire kernel with the new configuration. I ran the exploit and still got root. I'm using gcc (Ubuntu 4.3.3-5ubuntu4) 4.3.3.
Grepping /proc/kallsyms shows that __stack_chk_fail exists.
A disassembly of perf_counter.o shows that perf_counter_mmap and perf_counter_comm get instrumented, but not sys_perf_counter_open.
There goes your theory ;) Now you have something to work on this weekend.
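
The instrumentation check described in the post above (looking for `__stack_chk_fail` in a disassembly of `perf_counter.o`), as an added example that is not part of the original post: it parses `objdump -dr` text and lists the functions that never reference `__stack_chk_fail`. The sample listing is constructed, and the helper names `instrumented_functions` and `unprotected` are hypothetical.

```python
import re
import sys

# Constructed sample shaped like `objdump -dr perf_counter.o` (x86-64); not real output.
SAMPLE = """\
0000000000000000 <perf_counter_mmap>:
   0:   55                      push   %rbp
   1:   65 48 8b 04 25 28 00    mov    %gs:0x28,%rax
  80:   e8 00 00 00 00          callq  85 <perf_counter_mmap+0x85>
                        81: R_X86_64_PC32       __stack_chk_fail-0x4

0000000000000090 <perf_counter_comm>:
  90:   55                      push   %rbp
  f0:   e8 00 00 00 00          callq  f5 <perf_counter_comm+0x65>
                        f1: R_X86_64_PC32       __stack_chk_fail-0x4

0000000000000100 <sys_perf_counter_open>:
 100:   55                      push   %rbp
 101:   48 89 e5                mov    %rsp,%rbp
 1f0:   c9                      leaveq
 1f1:   c3                      retq
"""

# A function header looks like "<address> <name>:"; instruction lines have "addr:" instead.
FUNC_HEADER = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")

def instrumented_functions(disasm):
    """Map each function name to True if its body references __stack_chk_fail."""
    result = {}
    current = None
    for line in disasm.splitlines():
        header = FUNC_HEADER.match(line.strip())
        if header:
            current = header.group(1)
            result[current] = False
        elif current is not None and "__stack_chk_fail" in line:
            # Either a resolved call target or the relocation entry printed by -r.
            result[current] = True
    return result

def unprotected(disasm):
    """Sorted names of functions with no stack-protector failure path."""
    return sorted(n for n, ok in instrumented_functions(disasm).items() if not ok)

if __name__ == "__main__":
    # Pipe real `objdump -dr file.o` output in, or run bare to use the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name in unprotected(text):
        print("no __stack_chk_fail reference:", name)
```

With `-fstack-protector-all` in effect every function is expected to carry the check, so any name this reports in a build that claims that setting is worth tracing back to the compiler flags actually used for that object.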