Re: [Full-Disclosure] Re: Linux kernel scm_send local DoS
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] Re: Linux kernel scm_send local DoS
- From: xbud <xbud@xxxxxxxxxxx>
- Date: Fri, 17 Dec 2004 16:18:47 -0500
On Wednesday 15 December 2004 15:48, gadgeteer@xxxxxxxxxxxxxxxxxxxxxx wrote:
> Not by disabling the syscall but by replacing it in the manner that a
> rootkit replaces syscalls. Build a new kernel from the same
> source/config except for patch. Replace syscalls where there is change.
> Practical?
> Stable?
> No. Much easier to simply reboot to new kernel. If service(s) are so
> critical as to not tolerate a reboot yet have a single point of failure
> on this one component then there are greater problems at play.
I'd have to agree with Paul on this one, be it a syscall or a binary patch for
other code. It's in kernel mode; if the module/patch crashes the running
image, 'oops', I downed the box. I doubt any reasonable IT procedures would
endure this type of fix on their production systems.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html