Giving back to the open source community (A solution to blackhat hackers)

["Fredrick Diggle" <fdiggle () gmail com>]

Given the recent rise in blackhat hacker activity on the internet
Fredrick Diggle Security has decided to submit the following patch for
The Linux implementing RFC 3514.

http://www.ietf.org/rfc/rfc3514.txt

All blackhat internet hackers should immediately apply this patch and
have all malicious hacking tools set the socket option SOCK_EVIL at
earliest convenience. We believe that you will find this to be in
everyone's best interest. Also Diggle Sec is working on iptables
patches to allow those who do not want to be attacked to drop all
traffic with the evil bit set. Please continue to hold your breath
while waiting for these patches to be released.

The patch below is for the latest stable version of The Linux but
maybe you can use it on other not latest versions also. Also let us
know if it works because we couldn't be bothered to compile it and
try.


diff -Naur linux-2.6.27.7/include/asm-x86/socket.h
linux-2.6.27.7-patched/include/asm-x86/socket.h
--- linux-2.6.27.7/include/asm-x86/socket.h     2008-09-29
08:50:25.000000000 -0500
+++ linux-2.6.27.7-patched/include/asm-x86/socket.h     2008-11-21
00:22:20.000000000 -0600
@@ -53,5 +53,5 @@
 #define SCM_TIMESTAMPNS                SO_TIMESTAMPNS

 #define SO_MARK                        36
-
+#define SO_EVIL                        37
 #endif /* _ASM_SOCKET_H */
diff -Naur linux-2.6.27.7/include/net/sock.h
linux-2.6.27.7-patched/include/net/sock.h
--- linux-2.6.27.7/include/net/sock.h   2008-09-29 08:50:34.000000000 -0500
+++ linux-2.6.27.7-patched/include/net/sock.h   2008-11-21
00:22:54.000000000 -0600
@@ -413,6 +413,7 @@
        SOCK_RCVTSTAMPNS, /* %SO_TIMESTAMPNS setting */
        SOCK_LOCALROUTE, /* route locally only, %SO_DONTROUTE setting */
        SOCK_QUEUE_SHRUNK, /* write queue has been shrunk recently */
+       SOCK_EVIL,
 };

 static inline void sock_copy_flags(struct sock *nsk, struct sock *osk)
diff -Naur linux-2.6.27.7/net/core/sock.c linux-2.6.27.7-patched/net/core/sock.c
--- linux-2.6.27.7/net/core/sock.c      2008-09-29 08:50:41.000000000 -0500
+++ linux-2.6.27.7-patched/net/core/sock.c      2008-11-21
00:24:00.000000000 -0600
@@ -667,6 +667,12 @@

                /* We implement the SO_SNDLOWAT etc to
                   not be settable (1003.1g 5.3) */
+       case SO_EVIL:
+               if (valbool)
+                       set_bit(SOCK_EVIL, &sock->flags);
+               else
+                       clear_bit(SOCK_EVIL, &sock-.flags);
+               break;
        default:
                ret = -ENOPROTOOPT;
                break;
diff -Naur linux-2.6.27.7/net/ipv4/ip_output.c
linux-2.6.27.7-patched/net/ipv4/ip_output.c
--- linux-2.6.27.7/net/ipv4/ip_output.c 2008-09-29 08:50:42.000000000 -0500
+++ linux-2.6.27.7-patched/net/ipv4/ip_output.c 2008-11-21
00:24:48.000000000 -0600
@@ -160,6 +160,9 @@
        iph->protocol = sk->sk_protocol;
        ip_select_ident(iph, &rt->u.dst, sk);

+       if (sock_flag(sk, SOCK_EVIL))
+               iph->frag_off |= htons(0x8000);
+
        if (opt && opt->optlen) {
                iph->ihl += opt->optlen>>2;
                ip_options_build(skb, opt, daddr, rt, 0);

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/