| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a8fe69350811202128l4bfa9c44r3930acc9a38ab334@mail.gmail.com>
Date: Thu, 20 Nov 2008 23:28:31 -0600
From: "Fredrick Diggle" <fdiggle@...il.com>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Giving back to the open source community (A
solution to blackhat hackers)
Given the recent rise in blackhat hacker activity on the internet
Fredrick Diggle Security has decided to submit the following patch for
The Linux implementing RFC 3514.
http://www.ietf.org/rfc/rfc3514.txt
All blackhat internet hackers should immediately apply this patch and
have all malicious hacking tools set the socket option SOCK_EVIL at
earliest convenience. We believe that you will find this to be in
everyone's best interest. Also Diggle Sec is working on iptables
patches to allow those who do not want to be attacked to drop all
traffic with the evil bit set. Please continue to hold your breath
while waiting for these patches to be released.
The patch below is for the latest stable version of The Linux but
maybe you can use it on other not latest versions also. Also let us
know if it works because we couldn't be bothered to compile it and
try.
diff -Naur linux-2.6.27.7/include/asm-x86/socket.h
linux-2.6.27.7-patched/include/asm-x86/socket.h
--- linux-2.6.27.7/include/asm-x86/socket.h 2008-09-29
08:50:25.000000000 -0500
+++ linux-2.6.27.7-patched/include/asm-x86/socket.h 2008-11-21
00:22:20.000000000 -0600
@@ -53,5 +53,5 @@
#define SCM_TIMESTAMPNS SO_TIMESTAMPNS
#define SO_MARK 36
-
+#define SO_EVIL 37
#endif /* _ASM_SOCKET_H */
diff -Naur linux-2.6.27.7/include/net/sock.h
linux-2.6.27.7-patched/include/net/sock.h
--- linux-2.6.27.7/include/net/sock.h 2008-09-29 08:50:34.000000000 -0500
+++ linux-2.6.27.7-patched/include/net/sock.h 2008-11-21
00:22:54.000000000 -0600
@@ -413,6 +413,7 @@
SOCK_RCVTSTAMPNS, /* %SO_TIMESTAMPNS setting */
SOCK_LOCALROUTE, /* route locally only, %SO_DONTROUTE setting */
SOCK_QUEUE_SHRUNK, /* write queue has been shrunk recently */
+ SOCK_EVIL,
};
static inline void sock_copy_flags(struct sock *nsk, struct sock *osk)
diff -Naur linux-2.6.27.7/net/core/sock.c linux-2.6.27.7-patched/net/core/sock.c
--- linux-2.6.27.7/net/core/sock.c 2008-09-29 08:50:41.000000000 -0500
+++ linux-2.6.27.7-patched/net/core/sock.c 2008-11-21
00:24:00.000000000 -0600
@@ -667,6 +667,12 @@
/* We implement the SO_SNDLOWAT etc to
not be settable (1003.1g 5.3) */
+ case SO_EVIL:
+ if (valbool)
+ set_bit(SOCK_EVIL, &sock->flags);
+ else
+ clear_bit(SOCK_EVIL, &sock-.flags);
+ break;
default:
ret = -ENOPROTOOPT;
break;
diff -Naur linux-2.6.27.7/net/ipv4/ip_output.c
linux-2.6.27.7-patched/net/ipv4/ip_output.c
--- linux-2.6.27.7/net/ipv4/ip_output.c 2008-09-29 08:50:42.000000000 -0500
+++ linux-2.6.27.7-patched/net/ipv4/ip_output.c 2008-11-21
00:24:48.000000000 -0600
@@ -160,6 +160,9 @@
iph->protocol = sk->sk_protocol;
ip_select_ident(iph, &rt->u.dst, sk);
+ if (sock_flag(sk, SOCK_EVIL))
+ iph->frag_off |= htons(0x8000);
+
if (opt && opt->optlen) {
iph->ihl += opt->optlen>>2;
ip_options_build(skb, opt, daddr, rt, 0);
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists