Bugtraq mailing list archives
Re: [Full-Disclosure] Re: Linux kernel scm_send local DoS
From: Valdis.Kletnieks () vt edu
Date: Wed, 22 Dec 2004 22:59:12 -0500
On Wed, 15 Dec 2004 13:31:30 +0100, Paul Starzetz said:
I don't think this is practicable, since the bugs reside in deep kernel functions. You can not fix it just by disabling a particular syscall. You have patch a running kernel binary, maybe someone comes up with this kind of utlility.
Majorly scary. I've done similar patch-on-the-fly on many different systems in the past 25 years. You *really* want to install a proper patch and reboot. If you can't tolerate the 10-20 minutes of downtime a scheduled reboot will take, you can't tolerate the hours of downtime you'll get if you get hacked. So either bite the bullet and reboot, or get redundant gear so you have good fail-over while you reboot. (Note that *some* bugs in the Linux kernel can at least theoretically be fixed on the fly with an rmmod of the buggy module and an insmod of a patched version built against the same source tree. The bugs in question aren't in code that's likely to be rmmod'able on a running production system....)
Attachment:
_bin
Description:
Current thread:
- Linux kernel scm_send local DoS Paul Starzetz (Dec 14)
- Re: Linux kernel scm_send local DoS even multiplexed (Dec 15)
- Re: Linux kernel scm_send local DoS Paul Starzetz (Dec 15)
- Re: Linux kernel scm_send local DoS even multiplexed (Dec 15)
- Re: Linux kernel scm_send local DoS gadgeteer (Dec 15)
- Re: [Full-Disclosure] Re: Linux kernel scm_send local DoS Valdis . Kletnieks (Dec 23)
- Re: Linux kernel scm_send local DoS Paul Starzetz (Dec 15)
- Re: Linux kernel scm_send local DoS Pavel Kankovsky (Dec 23)
- Re: Linux kernel scm_send local DoS even multiplexed (Dec 15)