Re: Linux kernel scm_send local DoS
gadgeteer_at_elegantinnovations.org
Date: 12/15/04
- Previous message: Martin Eiszner: "php unserialize"
- In reply to: Paul Starzetz: "Re: Linux kernel scm_send local DoS"
- Next in thread: gadgeteer_at_elegantinnovations.org: "[Full-Disclosure] Re: Linux kernel scm_send local DoS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 15 Dec 2004 13:48:28 -0700 To: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
On Wed, Dec 15, 2004 at 01:31:30PM +0100, Paul Starzetz (ihaquer@isec.pl) wrote:
> I don't think this is practicable, since the bugs reside in deep kernel
> functions. You can not fix it just by disabling a particular syscall. You
> have patch a running kernel binary, maybe someone comes up with this kind
> of utlility.
Not by disabling the syscall but by replacing it in the manner that a
rootkit replaces syscalls. Build a new kernel from the same
source/config except for patch. Replace syscalls where there is change.
Practical?
Stable?
No. Much easier to simply reboot to new kernel. If service(s) are so
critical as to not tolerate a reboot yet have a single point of failure
on this one component then there are greater problems at play.
-- Chief Gadgeteer Elegant Innovations
- Previous message: Martin Eiszner: "php unserialize"
- In reply to: Paul Starzetz: "Re: Linux kernel scm_send local DoS"
- Next in thread: gadgeteer_at_elegantinnovations.org: "[Full-Disclosure] Re: Linux kernel scm_send local DoS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
