lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 22 Dec 2004 22:59:12 -0500
From: Valdis.Kletnieks@...edu
To: Paul Starzetz <ihaquer@...c.pl>
Cc: even multiplexed <Shadow333@....at>, bugtraq@...urityfocus.com,
	vulnwatch@...nwatch.org, security@...c.pl,
	full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Re: Linux kernel scm_send local DoS

On Wed, 15 Dec 2004 13:31:30 +0100, Paul Starzetz said:
> I don't think this is practicable, since the bugs reside in deep kernel 
> functions. You can not fix it just by disabling a particular syscall. You 
> have patch a running kernel binary, maybe someone comes up with this kind 
> of utlility.

Majorly scary. I've done similar patch-on-the-fly on many different systems
in the past 25 years.  You *really* want to install a proper patch and reboot.

If you can't tolerate the 10-20 minutes of downtime a scheduled reboot will
take, you can't tolerate the hours of downtime you'll get if you get hacked.
So either bite the bullet and reboot, or get redundant gear so you have good
fail-over while you reboot.

(Note that *some* bugs in the Linux kernel can at least theoretically be
fixed on the fly with an rmmod of the buggy module and an insmod of a patched
version built against the same source tree.  The bugs in question aren't in
code that's likely to be rmmod'able on a running production system....)

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ