Date: Wed, 03 Mar 2004 16:04:08 +0100
From: "G.P. de Boer" <g.p.de.boer@st.hanze.nl>
To: freebsd-security@freebsd.org
Subject: Re: [Freebsd-security] Re: FreeBSD SecurityAdvisoryFreeBSD-SA-04:04.tcp
Message-ID: <1078326248.627.13.camel@edinburgh.thedarkside.tix>
In-Reply-To: <08F3FCD6-6CFB-11D8-AE61-0030654D97EC@patpro.net>
References: <20040302200713.8381924@mail.elvandar.org> <20040302200809.0E98F2B4DA4@mail.evilcoder.org> <19712.213.190.43.52.1078308097.squirrel@webmail.vkt.lt> <08F3FCD6-6CFB-11D8-AE61-0030654D97EC@patpro.net>

On Wed, 2004-03-03 at 11:10, Patrick Proniewski wrote:
> > But as it is said, that you need to patch or cvsup the kernel source,
> > rebuild kernel, and reboot.
> > Is there any way to do such thing without rebooting?
> you might be able to unload a module and load a patched module, but
> when it comes to the kernel, you have no other choice than to reboot
>
> By the way, the process is really fast and painless. I've cvsuped my
> sources and made buildkernel / installkernel last night on my internet
> gateway, and finally rebooted. The reboot was so fast that my computer
> behind this gateway didn't even lose its IRC session.

You -can- patch a run-time kernel by loading a KLD which, with a bit of
magic voodoo, replaces whatever function you want with your own. That
said, the TCP reassembly patch is quite complex compared to other
bugfixes and may well not be as easy to patch this way. If there are new
structures being used, things get quite nasty fast.

I agree with Patrick that a reboot is the safest and
really-not-that-sucky way to resolve this.

-- 
G.P. de Boer