Full Disclosure mailing list archives
Re: Linux kernel scm_send local DoS
From: gadgeteer () elegantinnovations org
Date: Wed, 15 Dec 2004 13:48:28 -0700
On Wed, Dec 15, 2004 at 01:31:30PM +0100, Paul Starzetz (ihaquer () isec pl) wrote:
I don't think this is practicable, since the bugs reside in deep kernel functions. You can not fix it just by disabling a particular syscall. You have patch a running kernel binary, maybe someone comes up with this kind of utlility.
Not by disabling the syscall but by replacing it in the manner that a rootkit replaces syscalls. Build a new kernel from the same source/config except for patch. Replace syscalls where there is change. Practical? Stable? No. Much easier to simply reboot to new kernel. If service(s) are so critical as to not tolerate a reboot yet have a single point of failure on this one component then there are greater problems at play. -- Chief Gadgeteer Elegant Innovations _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Linux kernel scm_send local DoS Paul Starzetz (Dec 15)
- Re: Linux kernel scm_send local DoS even multiplexed (Dec 17)
- Re: Linux kernel scm_send local DoS Paul Starzetz (Dec 22)
- Re: Linux kernel scm_send local DoS gadgeteer (Dec 17)
- Re: Re: Linux kernel scm_send local DoS xbud (Dec 23)
- Re: Linux kernel scm_send local DoS even multiplexed (Dec 22)
- Re: Linux kernel scm_send local DoS Paul Starzetz (Dec 22)
- Re: Linux kernel scm_send local DoS even multiplexed (Dec 17)
- Re: Linux kernel scm_send local DoS Pavel Kankovsky (Dec 23)
- <Possible follow-ups>
- RE: Linux kernel scm_send local DoS Leif Sawyer (Dec 15)
- RE: Linux kernel scm_send local DoS Paul Starzetz (Dec 15)