[37747] in bugtraq
Re: Linux kernel scm_send local DoS
daemon@ATHENA.MIT.EDU (gadgeteer@elegantinnovations.org)
Wed Dec 15 17:27:22 2004
Date: Wed, 15 Dec 2004 13:48:28 -0700
From: gadgeteer@elegantinnovations.org
To: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
Message-ID: <20041215204828.GL1598@hyper>
Mail-Followup-To: bugtraq@securityfocus.com,
full-disclosure@lists.netsys.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.44.0412151328540.1826-100000@isec.pl>
On Wed, Dec 15, 2004 at 01:31:30PM +0100, Paul Starzetz (ihaquer@isec.pl) wrote:
> I don't think this is practicable, since the bugs reside in deep kernel
> functions. You can not fix it just by disabling a particular syscall. You
> have patch a running kernel binary, maybe someone comes up with this kind
> of utlility.
Not by disabling the syscall but by replacing it in the manner that a
rootkit replaces syscalls. Build a new kernel from the same
source/config except for patch. Replace syscalls where there is change.
Practical?
Stable?
No. Much easier to simply reboot to new kernel. If service(s) are so
critical as to not tolerate a reboot yet have a single point of failure
on this one component then there are greater problems at play.
--
Chief Gadgeteer
Elegant Innovations
