[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Giving back to the open source community (A solution to blackhat hackers)
- To: full-disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] Giving back to the open source community (A solution to blackhat hackers)
- From: "Fredrick Diggle" <fdiggle@xxxxxxxxx>
- Date: Thu, 20 Nov 2008 23:28:31 -0600
Given the recent rise in blackhat hacker activity on the internet
Fredrick Diggle Security has decided to submit the following patch for
The Linux implementing RFC 3514.
http://www.ietf.org/rfc/rfc3514.txt
All blackhat internet hackers should immediately apply this patch and
have all malicious hacking tools set the socket option SOCK_EVIL at
earliest convenience. We believe that you will find this to be in
everyone's best interest. Also Diggle Sec is working on iptables
patches to allow those who do not want to be attacked to drop all
traffic with the evil bit set. Please continue to hold your breath
while waiting for these patches to be released.
The patch below is for the latest stable version of The Linux but
maybe you can use it on other not latest versions also. Also let us
know if it works because we couldn't be bothered to compile it and
try.
diff -Naur linux-2.6.27.7/include/asm-x86/socket.h
linux-2.6.27.7-patched/include/asm-x86/socket.h
--- linux-2.6.27.7/include/asm-x86/socket.h 2008-09-29
08:50:25.000000000 -0500
+++ linux-2.6.27.7-patched/include/asm-x86/socket.h 2008-11-21
00:22:20.000000000 -0600
@@ -53,5 +53,5 @@
#define SCM_TIMESTAMPNS SO_TIMESTAMPNS
#define SO_MARK 36
-
+#define SO_EVIL 37
#endif /* _ASM_SOCKET_H */
diff -Naur linux-2.6.27.7/include/net/sock.h
linux-2.6.27.7-patched/include/net/sock.h
--- linux-2.6.27.7/include/net/sock.h 2008-09-29 08:50:34.000000000 -0500
+++ linux-2.6.27.7-patched/include/net/sock.h 2008-11-21
00:22:54.000000000 -0600
@@ -413,6 +413,7 @@
SOCK_RCVTSTAMPNS, /* %SO_TIMESTAMPNS setting */
SOCK_LOCALROUTE, /* route locally only, %SO_DONTROUTE setting */
SOCK_QUEUE_SHRUNK, /* write queue has been shrunk recently */
+ SOCK_EVIL,
};
static inline void sock_copy_flags(struct sock *nsk, struct sock *osk)
diff -Naur linux-2.6.27.7/net/core/sock.c linux-2.6.27.7-patched/net/core/sock.c
--- linux-2.6.27.7/net/core/sock.c 2008-09-29 08:50:41.000000000 -0500
+++ linux-2.6.27.7-patched/net/core/sock.c 2008-11-21
00:24:00.000000000 -0600
@@ -667,6 +667,12 @@
/* We implement the SO_SNDLOWAT etc to
not be settable (1003.1g 5.3) */
+ case SO_EVIL:
+ if (valbool)
+ set_bit(SOCK_EVIL, &sock->flags);
+ else
+ clear_bit(SOCK_EVIL, &sock-.flags);
+ break;
default:
ret = -ENOPROTOOPT;
break;
diff -Naur linux-2.6.27.7/net/ipv4/ip_output.c
linux-2.6.27.7-patched/net/ipv4/ip_output.c
--- linux-2.6.27.7/net/ipv4/ip_output.c 2008-09-29 08:50:42.000000000 -0500
+++ linux-2.6.27.7-patched/net/ipv4/ip_output.c 2008-11-21
00:24:48.000000000 -0600
@@ -160,6 +160,9 @@
iph->protocol = sk->sk_protocol;
ip_select_ident(iph, &rt->u.dst, sk);
+ if (sock_flag(sk, SOCK_EVIL))
+ iph->frag_off |= htons(0x8000);
+
if (opt && opt->optlen) {
iph->ihl += opt->optlen>>2;
ip_options_build(skb, opt, daddr, rt, 0);
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/