Message-ID: <200412171618.47279.xbud@g0thead.com>
From: xbud at g0thead.com (xbud)
Subject: Re: Linux kernel scm_send local DoS
On Wednesday 15 December 2004 15:48, gadgeteer@...gantinnovations.org wrote:
> Not by disabling the syscall but by replacing it in the manner that a
> rootkit replaces syscalls. Build a new kernel from the same
> source/config except for patch. Replace syscalls where there is change.
> Practical?
> Stable?
> No. Much easier to simply reboot to new kernel. If service(s) are so
> critical as to not tolerate a reboot yet have a single point of failure
> on this one component then there are greater problems at play.
I'd have to agree with Paul on this one, be it a syscall or a binary patch for
other code. It's in kernel mode; if the module/patch crashes the running
image, 'oops', I downed the box. I doubt any reasonable IT procedures would
endure this type of fix on their production systems.