Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Linux kernel scm_send local DoS
From: gadgeteer () elegantinnovations org
Date: Wed, 15 Dec 2004 13:48:28 -0700

On Wed, Dec 15, 2004 at 01:31:30PM +0100, Paul Starzetz (ihaquer () isec pl) wrote:
I don't think this is practicable, since the bugs reside in deep kernel 
functions. You can not fix it just by disabling a particular syscall. You 
have patch a running kernel binary, maybe someone comes up with this kind 
of utlility.

Not by disabling the syscall but by replacing it in the manner that a
rootkit replaces syscalls.  Build a new kernel from the same
source/config except for patch.  Replace syscalls where there is change.
No.  Much easier to simply reboot to new kernel.  If service(s) are so
critical as to not tolerate a reboot yet have a single point of failure
on this one component then there are greater problems at play.
Chief Gadgeteer
Elegant Innovations
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]