lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Aug 2009 16:38:59 +0100 (BST) From: maxigas <maxigas@...rgeek.net> To: full-disclosure@...ts.grok.org.uk Subject: nullpointer fix question hi! Should this fix work against the nullpointer linux kernel vulnerability? Should it break any services on a usual LAMP machine? thx, ps: sorry i lost the header for original message maxigas > > So, here's the contents of disabled-protocols . > > > > ================================================ > > # these networking protocols are not needed on this server > > > > install net-pf-3 /bin/true # Amateur Radio AX.25 > > install net-pf-4 /bin/true # Novell IPX > > install net-pf-5 /bin/true # AppleTalk DDP > > install net-pf-6 /bin/true # Amateur Radio NET/ROM > > install net-pf-8 /bin/true # ATM PVCs > > install net-pf-9 /bin/true # Reserved for X.25 project > > install net-pf-10 /bin/true # IP version 6 > > install net-pf-11 /bin/true # Amateur Radio X.25 PLP > > install net-pf-12 /bin/true # Reserved for DECnet project > > install net-pf-13 /bin/true # Reserved for 802.2LLC project > > install net-pf-18 /bin/true # Ash > > install net-pf-19 /bin/true # Acorn Econet > > install net-pf-20 /bin/true # ATM SVCs > > install net-pf-22 /bin/true # Linux SNA Project (nutters!) > > install net-pf-23 /bin/true # IRDA sockets > > install net-pf-24 /bin/true # PPPoX sockets > > install net-pf-25 /bin/true # Wanpipe API Sockets > > install net-pf-26 /bin/true # Linux LLC > > install net-pf-30 /bin/true # TIPC sockets > > install net-pf-31 /bin/true # Bluetooth sockets > > ________________________________________ > > On the servers where I really care about security, I disable most > > networking protocols by installing the attached file as: > > > > /etc/modprobe.d/disabled-protocols > > > > [Note that this file disables IPv6.] > > > > It's safest to reboot after installing this file, in case any of > > the networking-protocol modules have already been inserted into > > the kernel. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists