lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20090814.163859.28961257.maxigas@anargeek.net>
Date: Fri, 14 Aug 2009 16:38:59 +0100 (BST)
From: maxigas <maxigas@...rgeek.net>
To: full-disclosure@...ts.grok.org.uk
Subject: nullpointer fix question

hi!

Should this fix work against the nullpointer linux kernel vulnerability?

Should it break any services on a usual LAMP machine?

thx,

ps: sorry i lost the header for original message

maxigas

> > So, here's the contents of disabled-protocols .
> >
> > ================================================
> > # these networking protocols are not needed on this server
> >
> > install net-pf-3  /bin/true             # Amateur Radio AX.25
> > install net-pf-4  /bin/true             # Novell IPX
> > install net-pf-5  /bin/true             # AppleTalk DDP
> > install net-pf-6  /bin/true             # Amateur Radio NET/ROM
> > install net-pf-8  /bin/true             # ATM PVCs
> > install net-pf-9  /bin/true             # Reserved for X.25 project
> > install net-pf-10 /bin/true             # IP version 6
> > install net-pf-11 /bin/true             # Amateur Radio X.25 PLP
> > install net-pf-12 /bin/true             # Reserved for DECnet project
> > install net-pf-13 /bin/true             # Reserved for 802.2LLC project
> > install net-pf-18 /bin/true             # Ash
> > install net-pf-19 /bin/true             # Acorn Econet
> > install net-pf-20 /bin/true             # ATM SVCs
> > install net-pf-22 /bin/true             # Linux SNA Project (nutters!)
> > install net-pf-23 /bin/true             # IRDA sockets
> > install net-pf-24 /bin/true             # PPPoX sockets
> > install net-pf-25 /bin/true             # Wanpipe API Sockets
> > install net-pf-26 /bin/true             # Linux LLC
> > install net-pf-30 /bin/true             # TIPC sockets
> > install net-pf-31 /bin/true             # Bluetooth sockets
> > ________________________________________

> > On the servers where I really care about security, I disable most
> > networking protocols by installing the attached file as:
> >
> >   /etc/modprobe.d/disabled-protocols
> >
> > [Note that this file disables IPv6.]
> >
> > It's safest to reboot after installing this file, in case any of
> > the networking-protocol modules have already been inserted into
> > the kernel.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ