Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

nullpointer fix question

From: maxigas <maxigas () anargeek net>
Date: Fri, 14 Aug 2009 16:38:59 +0100 (BST)
hi!

Should this fix work against the nullpointer linux kernel vulnerability?

Should it break any services on a usual LAMP machine?

thx,

ps: sorry i lost the header for original message

maxigas


So, here's the contents of disabled-protocols .

================================================
# these networking protocols are not needed on this server

install net-pf-3  /bin/true             # Amateur Radio AX.25
install net-pf-4  /bin/true             # Novell IPX
install net-pf-5  /bin/true             # AppleTalk DDP
install net-pf-6  /bin/true             # Amateur Radio NET/ROM
install net-pf-8  /bin/true             # ATM PVCs
install net-pf-9  /bin/true             # Reserved for X.25 project
install net-pf-10 /bin/true             # IP version 6
install net-pf-11 /bin/true             # Amateur Radio X.25 PLP
install net-pf-12 /bin/true             # Reserved for DECnet project
install net-pf-13 /bin/true             # Reserved for 802.2LLC project
install net-pf-18 /bin/true             # Ash
install net-pf-19 /bin/true             # Acorn Econet
install net-pf-20 /bin/true             # ATM SVCs
install net-pf-22 /bin/true             # Linux SNA Project (nutters!)
install net-pf-23 /bin/true             # IRDA sockets
install net-pf-24 /bin/true             # PPPoX sockets
install net-pf-25 /bin/true             # Wanpipe API Sockets
install net-pf-26 /bin/true             # Linux LLC
install net-pf-30 /bin/true             # TIPC sockets
install net-pf-31 /bin/true             # Bluetooth sockets
________________________________________



On the servers where I really care about security, I disable most
networking protocols by installing the attached file as:

  /etc/modprobe.d/disabled-protocols

[Note that this file disables IPv6.]

It's safest to reboot after installing this file, in case any of
the networking-protocol modules have already been inserted into
the kernel.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: