[37789] in bugtraq
[Full-Disclosure] Re: Linux kernel scm_send local DoS
daemon@ATHENA.MIT.EDU (gadgeteer@elegantinnovations.org)
Fri Dec 17 16:06:51 2004
Date: Wed, 15 Dec 2004 13:48:28 -0700
From: gadgeteer@elegantinnovations.org
To: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
Message-ID: <20041215204828.GL1598@hyper>
Mail-Followup-To: bugtraq@securityfocus.com,
full-disclosure@lists.netsys.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.44.0412151328540.1826-100000@isec.pl>
Cc:
Errors-To: full-disclosure-bounces@lists.netsys.com
On Wed, Dec 15, 2004 at 01:31:30PM +0100, Paul Starzetz (ihaquer@isec.pl) wrote:
> I don't think this is practicable, since the bugs reside in deep kernel
> functions. You can not fix it just by disabling a particular syscall. You
> have patch a running kernel binary, maybe someone comes up with this kind
> of utlility.
Not by disabling the syscall but by replacing it in the manner that a
rootkit replaces syscalls. Build a new kernel from the same
source/config except for patch. Replace syscalls where there is change.
Practical?
Stable?
No. Much easier to simply reboot to new kernel. If service(s) are so
critical as to not tolerate a reboot yet have a single point of failure
on this one component then there are greater problems at play.
--
Chief Gadgeteer
Elegant Innovations
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
