Full Disclosure mailing list archives
nullpointer fix question
From: maxigas <maxigas () anargeek net>
Date: Fri, 14 Aug 2009 16:38:59 +0100 (BST)
hi!

Should this fix work against the nullpointer linux kernel vulnerability?
Should it break any services on a usual LAMP machine?

thx,

ps: sorry i lost the header for original message

maxigas
So, here's the contents of disabled-protocols.

================================================
# these networking protocols are not needed on this server
install net-pf-3 /bin/true # Amateur Radio AX.25
install net-pf-4 /bin/true # Novell IPX
install net-pf-5 /bin/true # AppleTalk DDP
install net-pf-6 /bin/true # Amateur Radio NET/ROM
install net-pf-8 /bin/true # ATM PVCs
install net-pf-9 /bin/true # Reserved for X.25 project
install net-pf-10 /bin/true # IP version 6
install net-pf-11 /bin/true # Amateur Radio X.25 PLP
install net-pf-12 /bin/true # Reserved for DECnet project
install net-pf-13 /bin/true # Reserved for 802.2LLC project
install net-pf-18 /bin/true # Ash
install net-pf-19 /bin/true # Acorn Econet
install net-pf-20 /bin/true # ATM SVCs
install net-pf-22 /bin/true # Linux SNA Project (nutters!)
install net-pf-23 /bin/true # IRDA sockets
install net-pf-24 /bin/true # PPPoX sockets
install net-pf-25 /bin/true # Wanpipe API Sockets
install net-pf-26 /bin/true # Linux LLC
install net-pf-30 /bin/true # TIPC sockets
install net-pf-31 /bin/true # Bluetooth sockets
________________________________________
On the servers where I really care about security, I disable most networking protocols by installing the attached file as:

/etc/modprobe.d/disabled-protocols

[Note that this file disables IPv6.]

It's safest to reboot after installing this file, in case any of the networking-protocol modules have already been inserted into the kernel.
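
One way to audit a file of this form against the protocol families you intend to block, as an added example that is not part of the original post. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Audit a modprobe.d file that disables protocol families with
# "install net-pf-N /bin/true" lines, as in the message above.

# Constructed sample input (not the file from the post).
sample_config() {
    cat <<'EOF'
# constructed sample for the audit functions below
install net-pf-3 /bin/true # Amateur Radio AX.25
install net-pf-4 /bin/true   # Novell IPX
#install net-pf-5 /bin/true # commented out, so AppleTalk stays loadable
install net-pf-10 /bin/true
alias net-pf-31 bluetooth
EOF
}

# Print the family numbers FILE maps to /bin/true, one per line, sorted.
disabled_families() {
    awk '
        { sub(/#.*/, "") }    # strip comments; awk re-splits the fields
        NF == 3 && $1 == "install" && $3 == "/bin/true" &&
        $2 ~ /^net-pf-[0-9]+$/ {
            sub(/^net-pf-/, "", $2)
            print $2
        }
    ' "$1" | sort -n -u
}

# Print each family number given after FILE that FILE does not disable.
missing_families() {
    file=$1; shift
    disabled=$(disabled_families "$file")
    for pf in "$@"; do
        printf '%s\n' "$disabled" | grep -qx "$pf" || printf '%s\n' "$pf"
    done
}

# Demo on the constructed sample: lists the wanted families not disabled.
tmp=$(mktemp)
sample_config > "$tmp"
missing_families "$tmp" 3 4 5 10 31
rm -f "$tmp"
```

On a live host, `modprobe -n -v net-pf-4` shows what modprobe would run for that alias without loading anything, and `lsmod` shows whether a protocol module was already inserted before the file was installed.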