Re: non-random IP IDs

From: Alfred Perlstein (bright@wintelcom.net)
Date: 04/17/01 

Date: Tue, 17 Apr 2001 13:13:00 -0700
From: Alfred Perlstein <bright@wintelcom.net>
To: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>

* Rodney W. Grimes <freebsd@gndrsh.dnsmgr.net> [010417 10:37] wrote:
> > * Darren Reed <avalon@coombs.anu.edu.au> [010417 04:29] wrote:
> > > In some mail from Julian Elischer, sie said:
> > > >
> > > > there is a site that calculates server uptime from these numbers.
> > > > All the leading machines are freeBSD. When you do this it will
> > > > no-longer be able to track us :-(
> > >
> > > IMHO, extraordinarily large uptimes are nothing to be proud of and
> > > say nothing about the quality of software.
> > >
> > > I'd almost go so far as to say uptimes greater than 1 year indicate
> > > that the system administration practises need review.
> >
> > Agreed. I've yet to hear about any seriously deployed system
> > go without security advisories for over a year.
>
> Or perhaps this is a very talented system admin who values uptime
> and finds work arounds that don't envolve downing a system that do
> just as good, and sometimes better, than the vendor fix for the
> security issue.
>
> Security Fix != Reboot required.

Well I was the one that asked Jake if he could provide a system
for patching static functions in the kernel. If you search the
archives there is a patch for doing this.

It's actually quite reasonable to patch code out from under a running
system. One can replace the entry opcode of the function with a
jump to the patched code. The only time this becomes a problem is
when structures change, however backporting the fix shouldn't be
a problem. 

-- 
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
Represent yourself, show up at BABUG http://www.babug.org/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Quantcast